Buffer Overflow Vulnerability in cfengine 2.x by Cfengine
CVE-2003-0849

Currently unrated

Key Information:

Vendor: Gnu
Status: Cfengine
Vendor: CVE Published:; 17 November 2003

Summary

A buffer overflow exists in the cfengine remote agent due to improper handling of packet length values in net.c. This vulnerability could be exploited by remote attackers to send specially crafted packets that overflow the buffer, potentially allowing them to execute arbitrary code on the target system. The flaw is present in cfengine versions prior to 2.0.8, making systems running these versions particularly vulnerable when the ReceiveTransaction function processes the malicious input.

References

http://marc.info/?l=bugtraq&m=106451047819552&w=2

mailing-listx_refsource_BUGTRAQ

http://marc.info/?l=bugtraq&m=106485375218280&w=2

mailing-listx_refsource_BUGTRAQ

http://marc.info/?l=bugtraq&m=106546086216984&w=2

mailing-listx_refsource_BUGTRAQ

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 17, 2003
Vulnerability Reserved
Oct 8, 2003