Mandrake Linux Security Advisory : cfengine (MDKSA-2005:184)

Javier Fernndez-Sanguino Pea discovered several insecure temporary file uses in cfengine = 1.6.5 and = 2.1.16 which allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in. CVE-2005-2960 In addition, Javier discovered the cfmailfilter and cfcron.in...

CVE-2005-3137

The 1 cfmailfilter and 2 cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960...

CVE-2005-3137

CVE-2005-3137 affects cfengine 1.6.5 via insecure temporary file handling in cfmailfilter and cfcron.in, enabling a local user to exploit a symlink to overwrite arbitrary files owned by the executing user (likely root). Connected advisories (Debian DSA-835-1, DSA-836-1) document insecure temporar...