CVE-2005-2960

Name of the Vulnerable Software and Affected Versions cfengine versions 1.6.5 through 2.1.16

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in. This can lead to a disruption of protected information integrity. The exploitation of the issue can be carried out by a local attacker.

Recommendations For versions 1.6.5 through 2.1.16, consider restricting access to the vicf.in file to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vicf.in file until the issue is resolved.