CAN-2005-2960

The CVE CVE-2005-2960 is linked to cfengine and arises from insecure temporary-file handling that allows a local attacker to perform a symlink attack to overwrite files owned by the cfengine user (likely root). Connected documents describe vulnerable cfengine versions (e.g., cfengine <= 1.6.5 ...

FreeBSD : cfengine -- arbitrary file overwriting vulnerability (8688d5cd-328c-11da-a263-0001020eed82)

A Debian Security Advisory reports : Javier Fernandez-Sanguino Pena discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine,...

Mandrake Linux Security Advisory : cfengine (MDKSA-2005:184)

Javier Fernndez-Sanguino Pea discovered several insecure temporary file uses in cfengine = 1.6.5 and = 2.1.16 which allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in. CVE-2005-2960 In addition, Javier discovered the cfmailfilter and cfcron.in...

CVE-2005-2960

Removed by vendor...

[SECURITY] [DSA 836-1] New cfengine2 packages fix arbitrary file overwriting

-------------------------------------------------------------------------- Debian Security Advisory DSA 836-1 [email protected] http://www.debian.org/security/ Martin Schulze October 1st, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 835-1] New cfengine packages fix arbitrary file overwriting

-------------------------------------------------------------------------- Debian Security Advisory DSA 835-1 [email protected] http://www.debian.org/security/ Martin Schulze October 1st, 2005 http://www.debian.org/security/faq -...