PT-2006-1143 · Freebsd · Ee

Published: 2006-01-11 · Updated: 2017-07-20 · CVE-2006-0055

CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: ee versions 4.10 through 6.0 on FreeBSD

Description: The issue arises from the ispell_op function in ee, which uses predictable filenames and does not confirm which file is being written. This allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell.

Recommendations: For ee versions 4.10 through 6.0 on FreeBSD, consider restricting access to the ispell_op function until a patch is available. As a temporary workaround, avoid using the ispell functionality in ee to minimize the risk of exploitation.
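
The weakness class described above (a guessable scratch-file name opened without checking what already exists at that path), shown next to a hardened form. This is an added example, not ee's source code; the function names, the "ee.1234" name and the demo directory are constructed for illustration.

```c
/* Added example, not ee's source: scratch-file creation for a spell-check helper. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Weak pattern: the name is guessable and fopen("w") follows an existing
 * symlink, truncating whatever file the link points to. */
int write_scratch_unsafe(const char *path, const char *text) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(text, f);
    return fclose(f);
}

/* Hardened: mkstemp() picks an unpredictable name and opens it with
 * O_CREAT|O_EXCL, so a pre-existing file or symlink is never reused.
 * On success the chosen path is left in out (capacity outlen). */
int write_scratch_safe(const char *dir, const char *text, char *out, size_t outlen) {
    if (snprintf(out, outlen, "%s/ee.XXXXXX", dir) >= (int)outlen) return -1;
    int fd = mkstemp(out);
    if (fd < 0) return -1;
    size_t len = strlen(text);
    int rc = (write(fd, text, len) == (ssize_t)len) ? 0 : -1;
    if (close(fd) != 0) rc = -1;
    return rc;
}

/* Constructed check inside a private directory: returns 1 if the protected
 * file kept its contents, 0 if it was overwritten, -1 on setup failure. */
int demo(int use_safe) {
    char dir[] = "/tmp/eedemo.XXXXXX", victim[256], fixed[256], made[256] = "";
    char buf[32] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/protected", dir);
    snprintf(fixed, sizeof fixed, "%s/ee.1234", dir); /* guessable name */
    if (write_scratch_unsafe(victim, "original") != 0) return -1;
    if (symlink(victim, fixed) != 0) return -1; /* link already at that name */
    if (use_safe) write_scratch_safe(dir, "words", made, sizeof made);
    else write_scratch_unsafe(fixed, "words");
    FILE *f = fopen(victim, "r");
    if (f) { if (!fgets(buf, sizeof buf, f)) buf[0] = '\0'; fclose(f); }
    unlink(fixed); unlink(victim); if (made[0]) unlink(made); rmdir(dir);
    return strcmp(buf, "original") == 0;
}
```

demo(0) exercises the weak pattern and demo(1) the mkstemp() form; only the latter leaves the protected file intact.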

Related Identifiers

CVE-2006-0055

Affected Products

Ee