Gnu: >> Cfengine >> 1.5 Security Vulnerabilities
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-10-05
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
CVSS Score
10.0
EPSS Score
0.009
Published
2000-12-19