4 matches found
FreeBSD : cfengine -- arbitrary file overwriting vulnerability (8688d5cd-328c-11da-a263-0001020eed82)
A Debian Security Advisory reports : Javier Fernandez-Sanguino Pena discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine,...
Mandrake Linux Security Advisory : cfengine (MDKSA-2005:184)
Javier Fernndez-Sanguino Pea discovered several insecure temporary file uses in cfengine = 1.6.5 and = 2.1.16 which allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in. CVE-2005-2960 In addition, Javier discovered the cfmailfilter and cfcron.in...
CVE-2005-2960
Removed by vendor...
[SECURITY] [DSA 835-1] New cfengine packages fix arbitrary file overwriting
-------------------------------------------------------------------------- Debian Security Advisory DSA 835-1 [email protected] http://www.debian.org/security/ Martin Schulze October 1st, 2005 http://www.debian.org/security/faq -...