Gentoo Security Advisory GLSA 200408-08 (Cfengine)

The remote host is missing updates announced in advisory GLSA 200408-08. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD Ports: cfengine

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Ports: cfengine

The remote host is missing an update to the system as announced in the referenced advisory. VID 8688d5cd-328c-11da-a263-0001020eed82 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

GV PostScript Viewer Remote Buffer overflow Exploit

No description provided by source. / gv postscript viewer exploit , infamous42md AT hotpop DOT com run of the mill bof. spawns a remote shell on port 7000. woopty doo. if someone has been able to exploit the heap overflow in cfengine, please email me and teach me something. after days of pain i'v...

Debian Security Advisory DSA 835-1 (cfengine)

The remote host is missing an update to cfengine announced via advisory DSA 835-1. Javier Fernandez-Sanguino Pena discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrar...

Debian: Security Advisory (DSA-835-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : cfengine -- arbitrary file overwriting vulnerability (8688d5cd-328c-11da-a263-0001020eed82)

A Debian Security Advisory reports : Javier Fernandez-Sanguino Pena discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine,...

Ubuntu 4.10 / 5.04 : cfengine vulnerabilities (USN-198-1)

Javier Fernandez-Sanguino Pena discovered that several tools in the cfengine package vicf, cfmailfilter, and cfcron create and use temporary files in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user...

cfengine CFServD transaction packet buffer overrun vulnerability

Cfengine is running on this remote host. This version is prone to a stack-based buffer overrun vulnerability. An attacker, exploiting this flaw, would need network access to the server as well as the ability to send a crafted transaction packet to the cfservd process. A successful exploitation of...

CFEngine AuthenticationDialogue Vulnerability

CFEngine cfservd is prone to a remote heap-based buffer overrun vulnerability. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CFEngine Detection (Linux/Unix SSH Login)

SSH login-based detection of CFEngine. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.14315";...

cfengine AuthenticationDialogue vulnerability

Cfengine is running on this remote host. cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue function. The issue exists due to a lack of sufficient boundary checks performed on...

cfengine format string vulnerability

Cfengine is running on this remote host. Cfengine contains a component, cfd, which serves as a remote-configuration client to cfengine. This version of cfd contains several flaws in the way that it calls syslog. As a result, trusted hosts and valid users if access controls are not in place can...

cfengine format string vulnerability

Cfengine is running on this remote host. Cfengine contains a component, cfd, which serves as a remote-configuration client to cfengine. This version of cfd contains several flaws in the way that it calls syslog. As a result, trusted hosts and valid users if access controls are not in place can...

Mandrake Linux Security Advisory : cfengine (MDKSA-2005:184)

Javier Fernndez-Sanguino Pea discovered several insecure temporary file uses in cfengine = 1.6.5 and = 2.1.16 which allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in. CVE-2005-2960 In addition, Javier discovered the cfmailfilter and cfcron.in...

USN-198-1: cfengine vulnerabilities

Javier Fernández-Sanguino Peña discovered that several tools in the cfengine package vicf, cfmailfilter, and cfcron create and use temporary files in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user...

cfengine symbolic links problem

Symbolic links problem during temporary files creation in multiple package utilities...

[Full-disclosure] [USN-198-1] cfengine vulnerabilities

=========================================================== Ubuntu Security Notice USN-198-1 October 10, 2005 cfengine vulnerabilities CAN-2005-2960, CAN-2005-3137 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 Warty...

CVE-2005-2960

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137...

CVE-2005-3137

The 1 cfmailfilter and 2 cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960...