2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
Javier FernĂĄndez-Sanguino PeĂąa discovered insecure temporary file use
in cfengine2, a tool for configuring and maintaining networked
machines, that can be exploited by a symlink attack to overwrite
arbitrary files owned by the user executing cfengine, which is
probably root.
The oldstable distribution (woody) is not affected by this problem.
For the stable distribution (sarge) these problems have been fixed in
version 2.1.14-1sarge1.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your cfengine2 package.