CVE-2005-2960 — Cfengine vulnerability

5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 77.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Linux GNU Cfengine

Timeline

PublishedOct 5

Latest updateMay 1

Description

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDgnu/cfengine18 versions+17

Also affects: Debian Linux 3.1

Patches

Patch: groups.google.com ↗Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-wgqp-qmfp-f6mf: cfengine 1↗2022-05-01

▶

CVEList

CVE-2005-2960: cfengine 1↗2005-10-05

▶

📋Vendor Advisories

Ubuntu

cfengine vulnerabilities↗2005-10-10

▶

💬Community

Bugzilla

cfengine: CAN-2005-2960 (insecure temp file)↗2005-10-15

▶