FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-2960

This CVE name corresponds to:

Entered Topic
2005-10-01 cfengine -- arbitrary file overwriting vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-2960
Phase Assigned(20050919)

Description

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

References

Source Reference
MISC http://bugs.gentoo.org/show_bug.cgi?id=107871
MISC http://groups.google.com/group/gnu.cfengine.help/browse_thread/thread/fc25e7d98f8ba401/38151ed821803be0#38151ed821803be0
DEBIAN DSA-835
DEBIAN DSA-836
MANDRIVA MDKSA-2005:184
SUSE SUSE-SR:2005:023
UBUNTU USN-198-1
BID 14994
SECUNIA 17037
SECUNIA 17038
SECUNIA 17040
SECUNIA 17142
SECUNIA 17182
SECUNIA 17215
XF cfengine-mulitple-file-symlink(22489)