Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3137

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-3137
Last Modified 02 Apr 2010 01:38:22
Published 05 Oct 2005 03:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-3137

Summary

The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.

Vulnerable Systems

Application

  • Gnu Cfengine 1.6.5


References

DEBIAN - DSA-836

DEBIAN - DSA-835

XF - cfengine-mulitple-file-symlink(22489)

BID - 14994

SECUNIA - 17037

MISC - http://groups.google.com/group/gnu.cfengine.help/browse_thread/thread/fc25e7d98f8ba401/38151ed821803be0#38151ed821803be0

MISC - http://bugs.gentoo.org/show_bug.cgi?id=107871

UBUNTU - USN-198-1

MANDRIVA - MDKSA-2005:184

SECUNIA - 17182

SECUNIA - 17142

SECUNIA - 17040

SECUNIA - 17038


Last Updated: 27 May 2016 10:40:48