exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2005.184

Mandriva Linux Security Advisory 2005.184
Posted Oct 18, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - Javier Fern

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2005-2960
SHA-256 | a472be172d6fc469059b32dbc8d04e92cd576537b8caa4a88e1e5ba9d613c3d2
Download | Favorite | View

Mandriva Linux Security Advisory 2005.184

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           cfengine
 Advisory ID:            MDKSA-2005:184
 Date:                   October 13th, 2005

 Affected versions:   10.1, 10.2, 2006.0, Corporate 3.0,
       Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Javier Fernández-Sanguino Peña discovered several insecure temporary
 file uses in cfengine <= 1.6.5 and  <= 2.1.16 which allows local users
 to overwrite arbitrary files via a symlink attack on temporary files
 used by vicf.in. (CAN-2005-2960)
 
 In addition, Javier discovered the cfmailfilter and cfcron.in files
 for cfengine <= 1.6.5 allow local users to overwrite arbitrary files
 via a symlink attack on temporary files (CAN-2005-3137)
 
 The updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2960
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3137
 ______________________________________________________________________

 Updated Packages:
  
 Mandrivalinux 10.1:
 acf648169c296d474886d1d98752a763  10.1/RPMS/cfengine-1.6.5-4.3.101mdk.i586.rpm
 176cbf5b72aba7c6a2b40daf4ee09c94  10.1/SRPMS/cfengine-1.6.5-4.3.101mdk.src.rpm

 Mandrivalinux 10.1/X86_64:
 a9bed51735d6762fe3e1d66c8657f65a  x86_64/10.1/RPMS/cfengine-1.6.5-4.3.101mdk.x86_64.rpm
 176cbf5b72aba7c6a2b40daf4ee09c94  x86_64/10.1/SRPMS/cfengine-1.6.5-4.3.101mdk.src.rpm

 Mandrivalinux 10.2:
 426fd00421697c85c0e63f527faac7e8  10.2/RPMS/cfengine-2.1.12-7.2.102mdk.i586.rpm
 edd39a03e85f5176a0c28667cc91c388  10.2/RPMS/cfengine-cfservd-2.1.12-7.2.102mdk.i586.rpm
 5c9a0c525c45a802f5d89686123e751c  10.2/SRPMS/cfengine-2.1.12-7.2.102mdk.src.rpm

 Mandrivalinux 10.2/X86_64:
 e75f232aa540e80fb9a12558d0c1f105  x86_64/10.2/RPMS/cfengine-2.1.12-7.2.102mdk.x86_64.rpm
 3680ec121accdf0cdf1830b374d804ee  x86_64/10.2/RPMS/cfengine-cfservd-2.1.12-7.2.102mdk.x86_64.rpm
 5c9a0c525c45a802f5d89686123e751c  x86_64/10.2/SRPMS/cfengine-2.1.12-7.2.102mdk.src.rpm

 Mandrivalinux 2006.0:
 61f3c7fe9cf1a69e889cfa4d476473af  2006.0/RPMS/cfengine-base-2.1.15-2.2.20060mdk.i586.rpm
 5a7d6087787de6a9f98288c415562ced  2006.0/RPMS/cfengine-cfagent-2.1.15-2.2.20060mdk.i586.rpm
 0cd9ecbccf2a0b4e775d6629b1b7416f  2006.0/RPMS/cfengine-cfenvd-2.1.15-2.2.20060mdk.i586.rpm
 5c10e7371d807d4f42f2524f24809a92  2006.0/RPMS/cfengine-cfexecd-2.1.15-2.2.20060mdk.i586.rpm
 0bd54480c32575625f3d42badf59d690  2006.0/RPMS/cfengine-cfservd-2.1.15-2.2.20060mdk.i586.rpm
 1b3213afe77bd75af306a63f746994cd  2006.0/SRPMS/cfengine-2.1.15-2.2.20060mdk.src.rpm

 Mandrivalinux 2006.0/X86_64:
 e81ea72b0431a8cc40753a6dee7037d2  x86_64/2006.0/RPMS/cfengine-base-2.1.15-2.2.20060mdk.x86_64.rpm
 f997658d8fa1dea25353906141443ba9  x86_64/2006.0/RPMS/cfengine-cfagent-2.1.15-2.2.20060mdk.x86_64.rpm
 bc560e64dc5de8046b9d14be43621a10  x86_64/2006.0/RPMS/cfengine-cfenvd-2.1.15-2.2.20060mdk.x86_64.rpm
 1d3cb518f0266f57c182712350935fb8  x86_64/2006.0/RPMS/cfengine-cfexecd-2.1.15-2.2.20060mdk.x86_64.rpm
 db890abf046c63d91fc5fb60c6b796a8  x86_64/2006.0/RPMS/cfengine-cfservd-2.1.15-2.2.20060mdk.x86_64.rpm
 1b3213afe77bd75af306a63f746994cd  x86_64/2006.0/SRPMS/cfengine-2.1.15-2.2.20060mdk.src.rpm

 Corporate Server 2.1:
 12057e0591bdb14e49b74d5c1c268196  corporate/2.1/RPMS/cfengine-1.6.3-8.3.C21mdk.i586.rpm
 4026484a33d7d324da1dce56fd697842  corporate/2.1/SRPMS/cfengine-1.6.3-8.3.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 4dc4d9a367d056f053af80118cee8886  x86_64/corporate/2.1/RPMS/cfengine-1.6.3-8.3.C21mdk.x86_64.rpm
 4026484a33d7d324da1dce56fd697842  x86_64/corporate/2.1/SRPMS/cfengine-1.6.3-8.3.C21mdk.src.rpm

 Corporate 3.0:
 0c82f22f7ef0f6db35eb5f19caba9d2d  corporate/3.0/RPMS/cfengine-1.6.5-3.3.C30mdk.i586.rpm
 ac84162471431da5f5afae45d48ca5c8  corporate/3.0/SRPMS/cfengine-1.6.5-3.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 bb704e30c6f6c0edb0b03d6a6d6c62d3  x86_64/corporate/3.0/RPMS/cfengine-1.6.5-3.3.C30mdk.x86_64.rpm
 ac84162471431da5f5afae45d48ca5c8  x86_64/corporate/3.0/SRPMS/cfengine-1.6.5-3.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDTybimqjQ0CJFipgRAnAGAKCwLA12aj2WBEZPLtGTHajy6/2QggCcCkA5
FWV/Ex2QdPdLfLAJjl/YiME=
=RgFb
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close