CVE-2005-2960

Published: 05/10/2005 Updated: 11/07/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

Vulnerable Product

gnu cfengine 1.5.3-4

gnu cfengine 1.6.5

gnu cfengine 2.0.4

gnu cfengine 2.0.5

gnu cfengine 2.0.7

gnu cfengine 2.1.8

gnu cfengine 2.1.9

gnu cfengine 1.5

gnu cfengine 2.0.2

gnu cfengine 2.0.3

gnu cfengine 2.1.16

gnu cfengine 2.1.7

gnu cfengine 2.0.0

gnu cfengine 2.0.1

gnu cfengine 2.0.6

gnu cfengine 2.1.0

gnu cfengine 1.6

gnu cfengine 2.0.8

debian debian linux 3.1

Vendor Advisories

Javier Fernández-Sanguino Peña discovered that several tools in the cfengine package (vicf, cfmailfilter, and cfcron) create and use temporary files in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user running the cfengine program ...
Javier Fernández-Sanguino Peña discovered insecure temporary file use in cfengine2, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine, which is probably root. The oldstable distribution (woody) is not affected by this problem. For ...