Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

cfengine.symlink.txt

🗓️ 17 Aug 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 27 Views

Symlink attack in cfengine requires immediate upgrade of Debian package to address security flaw.

Code
`Date: Tue, 16 Feb 1999 01:12:20 +0100  
From: Wichert Akkerman <[email protected]>  
To: [email protected]  
Subject: [SECURITY] New versions of cfengine fixes symlink attack  
  
-----BEGIN PGP SIGNED MESSAGE-----  
  
The maintainer of Debian GNU/Linux cfengine package found a error  
in the way cfengine handles temporary files when it runs the tidy  
action on homedirectories, which makes it suspectible to a symlink  
attack. The author has been notified of the problem but has not  
released a fix yet.  
  
We recommend you upgrade your cfengine package immediately.  
  
wget url  
will fetch the file for you  
dpkg -i file.deb  
will install the referenced file.  
  
Debian GNU/Linux 2.0 alias hamm  
- -------------------------------  
  
This version of Debian was released only for the Intel and the  
Motorola 680x0 architecture.  
  
Source archives:  
ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9.orig.tar.gz  
MD5 checksum: 9c952524f2ce0a3dae6728f63d28a3ce  
ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9-3.diff.gz  
MD5 checksum: 9de13ab36791319a846f5d50248b8ed5  
ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9-3.dsc  
MD5 checksum: 6d5f1d2c10ec0a0eeef07dd73244bb44  
  
Intel architecture:  
ftp://ftp.debian.org/debian/dists/stable/main/binary-i386/admin/cfengine_1.4.9-3_i386.deb  
MD5 checksum: c935781e39141fdcc5b3e3e7a1b5ac7b  
  
Motorola 680x0 architecture:  
ftp://ftp.debian.org/debian/dists/stable/main/binary-i386/admin/cfengine_1.4.9-3_m68k.deb  
MD5 checksum: 8628802255c66796f8acd3fe1844bb0b  
  
  
For not yet released architectures please refer to the appropriate  
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .  
  
- --  
Debian GNU/Linux . Security Managers . [email protected]  
[email protected]  
Christian Hudon . Wichert Akkerman . Martin Schulze  
<[email protected]> . <[email protected]> . <[email protected]>  
  
-----BEGIN PGP SIGNATURE-----  
Version: 2.6.3ia  
Charset: noconv  
  
iQB1AwUBNsi3eKjZR/ntlUftAQGr9gL/UW53toFW/wGR2XidybaqwVVUWAWOo/dd  
U3w5QTSkRXIdrLQBnxtYDWvY7L9Re1nQDrVBekyTqlBb3smhgIP3kpjWC+U/wbhy  
/3l3B8ifja39Wwktg4OhCEwfTM7D+SId  
=Lfxs  
-----END PGP SIGNATURE-----  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
symlink attackcfengine upgradedebian packagesecurity flawtemporary filesarchitecture information
27