Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2960

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-2960
Last Modified 02 Apr 2010 01:35:22
Published 05 Oct 2005 03:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2960

Summary

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

Vulnerable Systems

Operating System

  • Debian Linux 3.1

Application

  • Gnu Cfengine 1.5

  • Gnu Cfengine 1.5.3-4

  • Gnu Cfengine 1.6

  • Gnu Cfengine 1.6.5

  • Gnu Cfengine 2.0.0

  • Gnu Cfengine 2.0.1

  • Gnu Cfengine 2.0.2

  • Gnu Cfengine 2.0.3

  • Gnu Cfengine 2.0.4

  • Gnu Cfengine 2.0.5

  • Gnu Cfengine 2.0.6

  • Gnu Cfengine 2.0.7

  • Gnu Cfengine 2.0.8

  • Gnu Cfengine 2.1.0

  • Gnu Cfengine 2.1.16

  • Gnu Cfengine 2.1.7

  • Gnu Cfengine 2.1.8

  • Gnu Cfengine 2.1.9


References

DEBIAN - DSA-836

DEBIAN - DSA-835

MISC - http://groups.google.com/group/gnu.cfengine.help/browse_thread/thread/fc25e7d98f8ba401/38151ed821803be0#38151ed821803be0

XF - cfengine-mulitple-file-symlink(22489)

BID - 14994

SECUNIA - 17037

MISC - http://bugs.gentoo.org/show_bug.cgi?id=107871

UBUNTU - USN-198-1

SUSE - SUSE-SR:2005:023

MANDRIVA - MDKSA-2005:184

SECUNIA - 17215

SECUNIA - 17182

SECUNIA - 17142

SECUNIA - 17040

SECUNIA - 17038


Last Updated: 27 May 2016 10:40:42