Family: Debian Local Security Checks --> Category: infos
[DSA835] DSA-835-1 cfengine Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Javier Fernández-Sanguino Peña discovered several insecure temporary
file uses in cfengine, a tool for configuring and maintaining
networked machines, that can be exploited by a symlink attack to
overwrite arbitrary files owned by the user executing cfengine, which
is probably root.
For the old stable distribution (woody) these problems have been fixed in
For the stable distribution (sarge) these problems have been fixed in
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your cfengine package.
Solution : http://www.debian.org/security/2005/dsa-835
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.