cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
Software | From | Fixed in |
---|---|---|
debian / debian_linux | 3.1 | 3.1.x |
gnu / cfengine | 1.5 | 1.5.x |
gnu / cfengine | 1.5.3-4 | 1.5.3-4.x |
gnu / cfengine | 1.6-a10 | 1.6-a10.x |
gnu / cfengine | 1.6-a11 | 1.6-a11.x |
gnu / cfengine | 1.6.5 | 1.6.5.x |
gnu / cfengine | 2.0.0 | 2.0.0.x |
gnu / cfengine | 2.0.1 | 2.0.1.x |
gnu / cfengine | 2.0.2 | 2.0.2.x |
gnu / cfengine | 2.0.3 | 2.0.3.x |
gnu / cfengine | 2.0.4 | 2.0.4.x |
gnu / cfengine | 2.0.5 | 2.0.5.x |
gnu / cfengine | 2.0.5-b1 | 2.0.5-b1.x |
gnu / cfengine | 2.0.5-pre | 2.0.5-pre.x |
gnu / cfengine | 2.0.5-pre2 | 2.0.5-pre2.x |
gnu / cfengine | 2.0.6 | 2.0.6.x |
gnu / cfengine | 2.0.7 | 2.0.7.x |
gnu / cfengine | 2.0.7-p1 | 2.0.7-p1.x |
gnu / cfengine | 2.0.7-p2 | 2.0.7-p2.x |
gnu / cfengine | 2.0.7-p3 | 2.0.7-p3.x |
gnu / cfengine | 2.0.8 | 2.0.8.x |
gnu / cfengine | 2.0.8-p1 | 2.0.8-p1.x |
gnu / cfengine | 2.1.0-a6 | 2.1.0-a6.x |
gnu / cfengine | 2.1.0-a8 | 2.1.0-a8.x |
gnu / cfengine | 2.1.0-a9 | 2.1.0-a9.x |
gnu / cfengine | 2.1.16 | 2.1.16.x |
gnu / cfengine | 2.1.7-p1 | 2.1.7-p1.x |
gnu / cfengine | 2.1.8 | 2.1.8.x |
gnu / cfengine | 2.1.9 | 2.1.9.x |