PT-2005-5597 · Cfengine · Cfengine

Javier Fernández-Sanguino Peña

Published

1970-01-01

Updated

2017-07-11

CVE-2005-2960

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions cfengine versions 1.6.5 through 2.1.16

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in. This can lead to a disruption of protected information integrity. The exploitation of the issue can be carried out by a local attacker.

Recommendations For versions 1.6.5 through 2.1.16, consider restricting access to the vicf.in file to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vicf.in file until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-03294

BDU:2015-03295

BDU:2015-03296

BDU:2015-03297

CVE-2005-2960

DSA-835-1

DSA-836-1

Affected Products

Cfengine

PT-2005-5597 · Cfengine · Cfengine

CVE-2005-2960

Related Identifiers

Affected Products

References · 24