Debian Security Advisory
cfengine -- Security problem with temp file handling.
- Date Reported:
- 15 Feb 1999
- Affected Packages:
- cfengine
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-1999-0374.
- More information:
- The maintainer of Debian GNU/Linux cfengine package found a error in the way cfengine handles temporary files when it runs the tidy action on home directories, which makes it susceptible to a symlink attack. The author has been notified of the problem but has not released a fix yet.
- Fixed in:
-
Source: http://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9.orig.tar.gz
http://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9-3.diff.gz
http://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9-3.dsc
i386: http://ftp.debian.org/debian/dists/stable/main/binary-i386/admin/cfengine_1.4.9-3_i386.deb
m68k: http://ftp.debian.org/debian/dists/stable/main/binary-i386/admin/cfengine_1.4.9-3_m68k.deb