ID CVE-2005-2960
Summary cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
References
Vulnerable Configurations
  • GNU Cfengine 1.5
    cpe:2.3:a:gnu:cfengine:1.5
  • GNU Cfengine 1.5.3_4
    cpe:2.3:a:gnu:cfengine:1.5.3-4
  • GNU Cfengine 1.6.5
    cpe:2.3:a:gnu:cfengine:1.6.5
  • cpe:2.3:a:gnu:cfengine:1.6:a10
    cpe:2.3:a:gnu:cfengine:1.6:a10
  • cpe:2.3:a:gnu:cfengine:1.6:a11
    cpe:2.3:a:gnu:cfengine:1.6:a11
  • GNU Cfengine 2.0.0
    cpe:2.3:a:gnu:cfengine:2.0.0
  • GNU Cfengine 2.0.1
    cpe:2.3:a:gnu:cfengine:2.0.1
  • GNU Cfengine 2.0.2
    cpe:2.3:a:gnu:cfengine:2.0.2
  • GNU Cfengine 2.0.3
    cpe:2.3:a:gnu:cfengine:2.0.3
  • GNU Cfengine 2.0.4
    cpe:2.3:a:gnu:cfengine:2.0.4
  • GNU Cfengine 2.0.5
    cpe:2.3:a:gnu:cfengine:2.0.5
  • cpe:2.3:a:gnu:cfengine:2.0.5:b1
    cpe:2.3:a:gnu:cfengine:2.0.5:b1
  • cpe:2.3:a:gnu:cfengine:2.0.5:pre
    cpe:2.3:a:gnu:cfengine:2.0.5:pre
  • cpe:2.3:a:gnu:cfengine:2.0.5:pre2
    cpe:2.3:a:gnu:cfengine:2.0.5:pre2
  • GNU Cfengine 2.0.6
    cpe:2.3:a:gnu:cfengine:2.0.6
  • GNU Cfengine 2.0.7
    cpe:2.3:a:gnu:cfengine:2.0.7
  • cpe:2.3:a:gnu:cfengine:2.0.7:p1
    cpe:2.3:a:gnu:cfengine:2.0.7:p1
  • cpe:2.3:a:gnu:cfengine:2.0.7:p2
    cpe:2.3:a:gnu:cfengine:2.0.7:p2
  • cpe:2.3:a:gnu:cfengine:2.0.7:p3
    cpe:2.3:a:gnu:cfengine:2.0.7:p3
  • GNU Cfengine 2.0.8
    cpe:2.3:a:gnu:cfengine:2.0.8
  • cpe:2.3:a:gnu:cfengine:2.0.8:p1
    cpe:2.3:a:gnu:cfengine:2.0.8:p1
  • cpe:2.3:a:gnu:cfengine:2.1.0:a6
    cpe:2.3:a:gnu:cfengine:2.1.0:a6
  • cpe:2.3:a:gnu:cfengine:2.1.0:a8
    cpe:2.3:a:gnu:cfengine:2.1.0:a8
  • cpe:2.3:a:gnu:cfengine:2.1.0:a9
    cpe:2.3:a:gnu:cfengine:2.1.0:a9
  • GNU Cfengine 2.1.16
    cpe:2.3:a:gnu:cfengine:2.1.16
  • cpe:2.3:a:gnu:cfengine:2.1.7:p1
    cpe:2.3:a:gnu:cfengine:2.1.7:p1
  • GNU Cfengine 2.1.8
    cpe:2.3:a:gnu:cfengine:2.1.8
  • GNU Cfengine 2.1.9
    cpe:2.3:a:gnu:cfengine:2.1.9
  • Debian Debian Linux 3.1
    cpe:2.3:o:debian:debian_linux:3.1
  • cpe:2.3:o:debian:debian_linux:3.1:-:alpha
    cpe:2.3:o:debian:debian_linux:3.1:-:alpha
  • cpe:2.3:o:debian:debian_linux:3.1:-:amd64
    cpe:2.3:o:debian:debian_linux:3.1:-:amd64
  • cpe:2.3:o:debian:debian_linux:3.1:-:arm
    cpe:2.3:o:debian:debian_linux:3.1:-:arm
  • cpe:2.3:o:debian:debian_linux:3.1:-:hppa
    cpe:2.3:o:debian:debian_linux:3.1:-:hppa
  • cpe:2.3:o:debian:debian_linux:3.1:-:ia-32
    cpe:2.3:o:debian:debian_linux:3.1:-:ia-32
  • cpe:2.3:o:debian:debian_linux:3.1:-:ia-64
    cpe:2.3:o:debian:debian_linux:3.1:-:ia-64
  • cpe:2.3:o:debian:debian_linux:3.1:-:m68k
    cpe:2.3:o:debian:debian_linux:3.1:-:m68k
  • cpe:2.3:o:debian:debian_linux:3.1:-:mips
    cpe:2.3:o:debian:debian_linux:3.1:-:mips
  • cpe:2.3:o:debian:debian_linux:3.1:-:mipsel
    cpe:2.3:o:debian:debian_linux:3.1:-:mipsel
  • cpe:2.3:o:debian:debian_linux:3.1:-:ppc
    cpe:2.3:o:debian:debian_linux:3.1:-:ppc
  • cpe:2.3:o:debian:debian_linux:3.1:-:s-390
    cpe:2.3:o:debian:debian_linux:3.1:-:s-390
  • cpe:2.3:o:debian:debian_linux:3.1:-:sparc
    cpe:2.3:o:debian:debian_linux:3.1:-:sparc
CVSS
Base: 2.1 (as of 06-10-2005 - 20:11)
Impact:
Exploitability:
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity PARTIAL
  • Availability NONE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-835.NASL
    description Javier Fernandez-Sanguino Pena discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine, which is probably root.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19804
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19804
    title Debian DSA-835-1 : cfengine - insecure temporary files
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-184.NASL
    description Javier Fernández-Sanguino Peña discovered several insecure temporary file uses in cfengine <= 1.6.5 and <= 2.1.16 which allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in. (CVE-2005-2960) In addition, Javier discovered the cfmailfilter and cfcron.in files for cfengine <= 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files (CVE-2005-3137) The updated packages have been patched to address this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20043
    published 2005-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20043
    title Mandrake Linux Security Advisory : cfengine (MDKSA-2005:184)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-836.NASL
    description Javier Fernandez-Sanguino Pena discovered insecure temporary file use in cfengine2, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine, which is probably root. The oldstable distribution (woody) is not affected by this problem.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19805
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19805
    title Debian DSA-836-1 : cfengine2 - insecure temporary files
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-198-1.NASL
    description Javier Fernandez-Sanguino Pena discovered that several tools in the cfengine package (vicf, cfmailfilter, and cfcron) create and use temporary files in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user running the cfengine program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 20612
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20612
    title Ubuntu 4.10 / 5.04 : cfengine vulnerabilities (USN-198-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8688D5CD328C11DAA2630001020EED82.NASL
    description A Debian Security Advisory reports: Javier Fernandez-Sanguino Pena discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine, which is probably root.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21464
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21464
    title FreeBSD : cfengine -- arbitrary file overwriting vulnerability (8688d5cd-328c-11da-a263-0001020eed82)
refmap via4
bid 14994
debian
  • DSA-835
  • DSA-836
mandriva MDKSA-2005:184
misc
secunia
  • 17037
  • 17038
  • 17040
  • 17142
  • 17182
  • 17215
suse SUSE-SR:2005:023
ubuntu USN-198-1
xf cfengine-mulitple-file-symlink(22489)
Last major update 02-04-2010 - 01:35
Published 05-10-2005 - 15:02
Last modified 10-07-2017 - 21:33