CVE-2005-2960Cfengine vulnerability

5 documents5 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 77.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian LinuxGNU Cfengine
Timeline
PublishedOct 5
Latest updateMay 1

Description

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDgnu/cfengine18 versions+17

Also affects: Debian Linux 3.1

Patches

Patch: groups.google.comPatch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

2
GHSA
GHSA-wgqp-qmfp-f6mf: cfengine 12022-05-01
CVEList
CVE-2005-2960: cfengine 12005-10-05

📋Vendor Advisories

1
Ubuntu
cfengine vulnerabilities2005-10-10

💬Community

1
Bugzilla
cfengine: CAN-2005-2960 (insecure temp file)2005-10-15
CVE-2005-2960 — GNU Cfengine vulnerability | cvebase