CVE 2006-1695
The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/
See the 
CVE page on Mitre.org
for more details.
