Symlink Attack Vulnerability in Cfengine by Cfengine
CVE-2005-3137

Currently unrated

Key Information:

Vendor: Gnu
Status: Cfengine
Vendor: CVE Published:; 5 October 2005

Summary

The cfmailfilter and cfcron.in files in Cfengine 1.6.5 are susceptible to a symlink attack, allowing local users to overwrite arbitrary files by exploiting temporary files. This raises significant security concerns as attackers can manipulate file system permissions and compromise system integrity. Prompt patching and proper permission management are essential to mitigate this risk.

References

http://bugs.gentoo.org/show_bug.cgi?id=107871

x_refsource_MISC

http://secunia.com/advisories/17040

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/22489

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 5, 2005
Vulnerability Reserved
Oct 5, 2005