File Overwrite Vulnerability in CFEngine Products by CFEngine
CVE-2005-2960

Currently unrated

Key Information:

Vendor: Gnu
Status: Cfengine
Vendor: CVE Published:; 5 October 2005

Summary

CFEngine versions 1.6.5 and 2.1.16 are susceptible to a file overwrite issue originating from the use of temporary files by the vicf.in component. This vulnerability allows local users to conduct a symlink attack, potentially overwriting arbitrary files on the system. This poses a significant risk to system integrity and underscores the necessity for users to apply appropriate security patches and updates to mitigate the threat.

References

http://bugs.gentoo.org/show_bug.cgi?id=107871

x_refsource_MISC

http://secunia.com/advisories/17040

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/22489

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 5, 2005
Vulnerability Reserved
Sep 19, 2005