FreeBSD : cfengine -- arbitrary file overwriting vulnerability (8688d5cd-328c-11da-a263-0001020eed82)
Low Nessus Plugin ID 21464
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionA Debian Security Advisory reports :
Javier Fernandez-Sanguino Pena discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine, which is probably root.
SolutionUpdate the affected packages.