Summary
The remote host is missing an update to cfengine2
announced via advisory DSA 836-1.
Javier Fernandez-Sanguino Pena discovered insecure temporary file use in cfengine2, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine, which is probably root.
The old stable distribution (woody) is not affected by this problem.
Solution
For the stable distribution (sarge) these problems have been fixed in version 2.1.14-1sarge1.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your cfengine2 package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20836-1
Severity
Classification
-
CVE CVE-2005-2960 -
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities