3 matches found
FreeBSD : cfengine -- arbitrary file overwriting vulnerability (8688d5cd-328c-11da-a263-0001020eed82)
A Debian Security Advisory reports : Javier Fernandez-Sanguino Pena discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine,...
Mandrake Linux Security Advisory : cfengine (MDKSA-2005:184)
Javier Fernndez-Sanguino Pea discovered several insecure temporary file uses in cfengine = 1.6.5 and = 2.1.16 which allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in. CVE-2005-2960 In addition, Javier discovered the cfmailfilter and cfcron.in...
CVE-2005-3137
CVE-2005-3137 affects cfengine 1.6.5 via insecure temporary file handling in cfmailfilter and cfcron.in, enabling a local user to exploit a symlink to overwrite arbitrary files owned by the executing user (likely root). Connected advisories (Debian DSA-835-1, DSA-836-1) document insecure temporar...