CVE-2005-2960

Description

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

Software From Fixed in
debian / debian_linux 3.1 3.1.x
gnu / cfengine 1.5 1.5.x
gnu / cfengine 1.5.3-4 1.5.3-4.x
gnu / cfengine 1.6-a10 1.6-a10.x
gnu / cfengine 1.6-a11 1.6-a11.x
gnu / cfengine 1.6.5 1.6.5.x
gnu / cfengine 2.0.0 2.0.0.x
gnu / cfengine 2.0.1 2.0.1.x
gnu / cfengine 2.0.2 2.0.2.x
gnu / cfengine 2.0.3 2.0.3.x
gnu / cfengine 2.0.4 2.0.4.x
gnu / cfengine 2.0.5 2.0.5.x
gnu / cfengine 2.0.5-b1 2.0.5-b1.x
gnu / cfengine 2.0.5-pre 2.0.5-pre.x
gnu / cfengine 2.0.5-pre2 2.0.5-pre2.x
gnu / cfengine 2.0.6 2.0.6.x
gnu / cfengine 2.0.7 2.0.7.x
gnu / cfengine 2.0.7-p1 2.0.7-p1.x
gnu / cfengine 2.0.7-p2 2.0.7-p2.x
gnu / cfengine 2.0.7-p3 2.0.7-p3.x
gnu / cfengine 2.0.8 2.0.8.x
gnu / cfengine 2.0.8-p1 2.0.8-p1.x
gnu / cfengine 2.1.0-a6 2.1.0-a6.x
gnu / cfengine 2.1.0-a8 2.1.0-a8.x
gnu / cfengine 2.1.0-a9 2.1.0-a9.x
gnu / cfengine 2.1.16 2.1.16.x
gnu / cfengine 2.1.7-p1 2.1.7-p1.x
gnu / cfengine 2.1.8 2.1.8.x
gnu / cfengine 2.1.9 2.1.9.x