CVE-2005-3137

4 documents4 sources
Severity
2.1LOW
EPSS
0.1%
top 78.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Cfengine
Timeline
PublishedOct 5
Latest updateMay 1

Description

The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDgnu/cfengine1.6.5

Patches

Patch: www.debian.orgPatch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

2
GHSA
GHSA-hfq5-xp8f-5693: The (1) cfmailfilter and (2) cfcron2022-05-01
CVEList
CVE-2005-3137: The (1) cfmailfilter and (2) cfcron2005-10-05

📋Vendor Advisories

1
Ubuntu
cfengine vulnerabilities2005-10-10
CVE-2005-3137 (LOW CVSS 2.1) | The (1) cfmailfilter and (2) cfcron | cvebase.io