diff options
| author | simon <simon@FreeBSD.org> | 2005-10-01 23:21:56 +0800 |
|---|---|---|
| committer | simon <simon@FreeBSD.org> | 2005-10-01 23:21:56 +0800 |
| commit | a541694b02dffa163166d3b2a4952d1095fdbc84 (patch) | |
| tree | cd99d092606f00e983f6a45204f47d6ec8ced6bb /security | |
| parent | cb39f5c6fe7026e85150f92b4ad5075b2e036c1a (diff) | |
| download | freebsd-ports-gnome-a541694b02dffa163166d3b2a4952d1095fdbc84.tar.gz freebsd-ports-gnome-a541694b02dffa163166d3b2a4952d1095fdbc84.tar.zst freebsd-ports-gnome-a541694b02dffa163166d3b2a4952d1095fdbc84.zip | |
Document cfengine -- arbitrary file overwriting vulnerability.
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a955da204b6c..c7cc3b6c3045 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,38 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="8688d5cd-328c-11da-a263-0001020eed82"> + <topic>cfengine -- arbitrary file overwriting vulnerability</topic> + <affects> + <package> + <name>cfengine</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Debian Security Advisory reports:</p> + <blockquote cite="http://www.debian.org/security/2005/dsa-835"> + <p>Javier Fernández-Sanguino Peña discovered several + insecure temporary file uses in cfengine, a tool for + configuring and maintaining networked machines, that can + be exploited by a symlink attack to overwrite arbitrary + files owned by the user executing cfengine, which is + probably root.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CAN-2005-2960</cvename> + <url>http://www.debian.org/security/2005/dsa-835</url> + <url>http://www.debian.org/security/2005/dsa-836</url> + </references> + <dates> + <discovery>2005-10-01</discovery> + <entry>2005-10-01</entry> + </dates> + </vuln> + <vuln vid="271498a9-2cd4-11da-a263-0001020eed82"> <topic>clamav -- arbitrary code execution and DoS vulnerabilities</topic> |