CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

224 matches found

Ubuntu•added 2005/10/10 11:55 p.m.•48 views

USN-198-1: cfengine vulnerabilities

Javier Fernández-Sanguino Peña discovered that several tools in the cfengine package vicf, cfmailfilter, and cfcron create and use temporary files in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user...

2.1CVSS5.5AI score0.00428EPSS

Exploits0

securityvulns•added 2005/10/10 12:0 a.m.•46 views

[Full-disclosure] [USN-198-1] cfengine vulnerabilities

=========================================================== Ubuntu Security Notice USN-198-1 October 10, 2005 cfengine vulnerabilities CAN-2005-2960, CAN-2005-3137 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 Warty...

2.1CVSS0.3AI score0.00428EPSS

Exploits0

securityvulns•added 2005/10/10 12:0 a.m.•27 views

cfengine symbolic links problem

Symbolic links problem during temporary files creation in multiple package utilities...

1.8AI score

Exploits0References1Affected Software1

UbuntuCve•added 2005/10/05 7:2 p.m.•22 views

CVE-2005-2960

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137...

2.1CVSS6AI score0.00428EPSS

Exploits0References2

UbuntuCve•added 2005/10/05 7:2 p.m.•21 views

CVE-2005-3137

The 1 cfmailfilter and 2 cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960...

2.1CVSS6AI score0.00428EPSS

Exploits0References2

NVD•added 2005/10/05 7:2 p.m.•17 views

CVE-2005-2960

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137...

2.1CVSS6AI score0.00428EPSS

Exploits0References15

Cvelist•added 2005/10/05 4:0 a.m.•26 views

CVE-2005-3137

The 1 cfmailfilter and 2 cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960...

6.1AI score0.00428EPSS

Exploits0References13

CVE•added 2005/10/05 4:0 a.m.•62 views

CVE-2005-2960

CVE-2005-2960 affects cfengine versions 1.6.5 and 2.1.16. The issue arises from insecure temporary file handling, allowing a local user to perform a symlink attack and overwrite arbitrary files owned by the user executing cfengine (likely root). The problem is tied to the vicf.in temporary files ...

2.1CVSS6AI score0.00428EPSS

Exploits0References15Affected Software1

Cvelist•added 2005/10/05 4:0 a.m.•31 views

CVE-2005-2960

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137...

6AI score0.00428EPSS

Exploits0References15

Debian CVE•added 2005/10/05 4:0 a.m.•24 views

CVE-2005-3137

Removed by vendor...

2.1CVSS6.6AI score0.00428EPSS

Exploits0

Debian CVE•added 2005/10/05 4:0 a.m.•22 views

CVE-2005-2960

Removed by vendor...

2.1CVSS6.6AI score0.00428EPSS

Exploits0

Tenable Nessus•added 2005/10/05 12:0 a.m.•32 views

Debian DSA-835-1 : cfengine - insecure temporary files

Javier Fernandez-Sanguino Pena discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine, which is probably root. %NASLMINLEVEL...

2.1CVSS5.5AI score0.00428EPSS

Exploits0References3

Debian•added 2005/10/01 7:56 a.m.•21 views

[SECURITY] [DSA 835-1] New cfengine packages fix arbitrary file overwriting

-------------------------------------------------------------------------- Debian Security Advisory DSA 835-1 [email protected] http://www.debian.org/security/ Martin Schulze October 1st, 2005 http://www.debian.org/security/faq -...

2.1CVSS0.5AI score0.00428EPSS

Exploits0

Debian•added 2005/10/01 7:56 a.m.•30 views

[SECURITY] [DSA 835-1] New cfengine packages fix arbitrary file overwriting

2.1CVSS6.5AI score0.00428EPSS

Exploits0

OSV•added 2005/10/01 12:0 a.m.•21 views

DSA-835-1 cfengine - insecure temporary files

Bulletin has no description...

2.1CVSS6AI score0.00428EPSS

Exploits0

CVE•added 2005/02/21 5:0 a.m.•44 views

CVE-2004-1702

CVE-2004-1702 affects Cfengine cfservd (versions 2.0.0–2.1.7p1). The vulnerability is in cfservd’s AuthenticationDialogue() where the return value of ReceiveTransaction is not properly handled, causing a failed malloc and a null dereference that can crash the process. OpenVAS and Gentoo GLSA desc...

5CVSS6.4AI score0.02408EPSS

Exploits1References6Affected Software1

Cvelist•added 2005/02/21 5:0 a.m.•32 views

CVE-2004-1701

Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication...

7.9AI score0.19508EPSS

Exploits1References7

CVE•added 2005/02/21 5:0 a.m.•45 views

CVE-2004-1701

CVE-2004-1701 describes a remote vulnerability in Cfengine’s cfservd: a heap-based buffer overflow in the AuthenticationDialogue() function allows an attacker to execute arbitrary code via a long SAUTH command during RSA authentication, affecting Cfengine 2.0.0 through 2.1.7p1. Public records als...

10CVSS7.9AI score0.19508EPSS

Exploits1References7Affected Software1

Debian CVE•added 2005/02/21 5:0 a.m.•19 views

CVE-2004-1701

Removed by vendor...

10CVSS6.7AI score0.19508EPSS

Exploits1

Debian CVE•added 2005/02/21 5:0 a.m.•23 views

CVE-2004-1702

Removed by vendor...

5CVSS6.7AI score0.02408EPSS

Exploits1