PT-2005-5598 · Debian · Cfengine
Javier Fernández-Sanguino Peña
Published: 1970-01-01 · Updated: 2017-07-11 · CVE-2005-3137
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
cfengine version 1.6.5
Description
The issue concerns multiple vulnerabilities in the cfengine package of the Debian GNU/Linux operating system, which can be exploited by a local attacker to compromise the integrity of protected information. Specifically, the cfmailfilter and cfcron.in files for cfengine 1.6.5 are vulnerable to a symlink attack on temporary files, allowing local users to overwrite arbitrary files.
Recommendations
For version 1.6.5, consider restricting access to the cfmailfilter and cfcron.in files to prevent local users from exploiting the vulnerability. As a temporary workaround, consider disabling the cfmailfilter and cfcron.in files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related identifiers
Affected products
Cfengine