From 1389eab081c200e22c3b6534ab8bad02baddf6c0 Mon Sep 17 00:00:00 2001 From: "Simon L. B. Nielsen" Date: Sat, 1 Oct 2005 15:21:56 +0000 Subject: Document cfengine -- arbitrary file overwriting vulnerability. --- security/vuxml/vuln.xml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a955da204b6c..c7cc3b6c3045 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,38 @@ Note: Please add new entries to the beginning of this file. --> + + cfengine -- arbitrary file overwriting vulnerability + + + cfengine + 0 + + + + +

A Debian Security Advisory reports:

+
Javier Fernández-Sanguino Peña discovered several + insecure temporary file uses in cfengine, a tool for + configuring and maintaining networked machines, that can + be exploited by a symlink attack to overwrite arbitrary + files owned by the user executing cfengine, which is + probably root.
+

+ + + + CAN-2005-2960 + http://www.debian.org/security/2005/dsa-835 + http://www.debian.org/security/2005/dsa-836 + + + 2005-10-01 + 2005-10-01 + + + clamav -- arbitrary code execution and DoS vulnerabilities -- cgit v1.2.3