File Overwrite Vulnerability in CFEngine Products by CFEngine
CVE-2005-2960

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
5 October 2005

Summary

CFEngine versions 1.6.5 and 2.1.16 are susceptible to a file overwrite issue originating from the use of temporary files by the vicf.in component. This vulnerability allows local users to conduct a symlink attack, potentially overwriting arbitrary files on the system. This poses a significant risk to system integrity and underscores the necessity for users to apply appropriate security patches and updates to mitigate the threat.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.