cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cfengine | Gnu | 1.5 (including) | 1.5 (including) |
| Cfengine | Gnu | 1.5.3-4 (including) | 1.5.3-4 (including) |
| Cfengine | Gnu | 1.6-a10 (including) | 1.6-a10 (including) |
| Cfengine | Gnu | 1.6-a11 (including) | 1.6-a11 (including) |
| Cfengine | Gnu | 1.6.5 (including) | 1.6.5 (including) |
| Cfengine | Gnu | 2.0.0 (including) | 2.0.0 (including) |
| Cfengine | Gnu | 2.0.1 (including) | 2.0.1 (including) |
| Cfengine | Gnu | 2.0.2 (including) | 2.0.2 (including) |
| Cfengine | Gnu | 2.0.3 (including) | 2.0.3 (including) |
| Cfengine | Gnu | 2.0.4 (including) | 2.0.4 (including) |
| Cfengine | Gnu | 2.0.5 (including) | 2.0.5 (including) |
| Cfengine | Gnu | 2.0.5-b1 (including) | 2.0.5-b1 (including) |
| Cfengine | Gnu | 2.0.5-pre (including) | 2.0.5-pre (including) |
| Cfengine | Gnu | 2.0.5-pre2 (including) | 2.0.5-pre2 (including) |
| Cfengine | Gnu | 2.0.6 (including) | 2.0.6 (including) |
| Cfengine | Gnu | 2.0.7 (including) | 2.0.7 (including) |
| Cfengine | Gnu | 2.0.7-p1 (including) | 2.0.7-p1 (including) |
| Cfengine | Gnu | 2.0.7-p2 (including) | 2.0.7-p2 (including) |
| Cfengine | Gnu | 2.0.7-p3 (including) | 2.0.7-p3 (including) |
| Cfengine | Gnu | 2.0.8 (including) | 2.0.8 (including) |
| Cfengine | Gnu | 2.0.8-p1 (including) | 2.0.8-p1 (including) |
| Cfengine | Gnu | 2.1.0-a6 (including) | 2.1.0-a6 (including) |
| Cfengine | Gnu | 2.1.0-a8 (including) | 2.1.0-a8 (including) |
| Cfengine | Gnu | 2.1.0-a9 (including) | 2.1.0-a9 (including) |
| Cfengine | Gnu | 2.1.7-p1 (including) | 2.1.7-p1 (including) |
| Cfengine | Gnu | 2.1.8 (including) | 2.1.8 (including) |
| Cfengine | Gnu | 2.1.9 (including) | 2.1.9 (including) |
| Cfengine | Gnu | 2.1.16 (including) | 2.1.16 (including) |
| Cfengine | Ubuntu | dapper | * |
| Cfengine | Ubuntu | edgy | * |