Vulnerabilities of the Debian GNU/Linux operating system that allow a local malicious individual to compromise the integrity of protected information

The cfengine package of the Debian GNU/Linux operating system has multiple vulnerabilities that, if exploited, could lead to the compromise of protected information. These vulnerabilities can be exploited by local malicious individuals...

CORE-2004-0714: Cfengine RSA Authentication Heap Corruption

Core Security Technologies Advisory http://www.coresecurity.com Cfengine RSA Authentication Heap Corruption Date Published: 2004-08-09 Last Update: 2004-08-09 Advisory ID: CORE-2004-0714 Bugtraq ID: None currently assigned. CVE Name: None currently assigned. Title: Cfengine RSA Authentication Hea...

Серьезные дырки в cfengine

Многочисленные ошибки форматной строки позволяют получить root удаленно...

[SECURITY] New versions of cfengine fixes symlink attack

The maintainer of Debian GNU/Linux cfengine package found a error in the way cfengine handles temporary files when it runs the tidy action on homedirectories, which makes it suspectible to a symlink attack. The author has been notified of the problem but has not released a fix yet. We recommend y...