Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:184: cfengine Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the cfengine package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:184 (cfengine).
Javier Fernández-Sanguino Peña discovered several insecure temporary file uses
in cfengine <= 1.6.5 and <= 2.1.16 which allows local users to overwrite
arbitrary files via a symlink attack on temporary files used by vicf.in.
In addition, Javier discovered the cfmailfilter and cfcron.in files for
cfengine <= 1.6.5 allow local users to overwrite arbitrary files via a symlink
attack on temporary files (CVE-2005-3137)
The updated packages have been patched to address this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:184
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.