Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.8.2-1", "binary_name": "fabric" } ] }
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-2185.json"