Executive Summary
Summary | |
---|---|
Title | New cfengine2 packages fix arbitrary file overwriting |
Information | |||
---|---|---|---|
Name | DSA-836 | First vendor Publication | 2005-10-01 |
Vendor | Debian | Last vendor Modification | 2005-10-01 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
Javier Fernández-Sanguino Peña discovered insecure temporary file use in cfengine2, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine, which is probably root.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) these problems have been fixed in version 2.1.14-1sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your cfengine2 package.
Original Source
Url : http://www.debian.org/security/2005/dsa-836
OpenVAS Exploits
Date | Description |
---|---|
2008-09-04 | Name : FreeBSD Ports: cfengine File : nvt/freebsd_cfengine.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 835-1 (cfengine) File : nvt/deb_835_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 836-1 (cfengine2) File : nvt/deb_836_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
19820 | Cfengine cfmailfilter Symlink Arbitrary File Overwrite |
19819 | Cfengine contrib/vicf.in Symlink Arbitrary File Overwrite |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8688d5cd328c11daa2630001020eed82.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-198-1.nasl - Type : ACT_GATHER_INFO |
2005-10-19 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-184.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-835.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-836.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:34:26 |