Heap-based Buffer Overflow in Cfengine by Cfengine Corp
CVE-2004-1701

Currently unrated

Key Information:

Vendor: Gnu
Status: Cfengine
Vendor: CVE Published:; 9 August 2004

Summary

A heap-based buffer overflow vulnerability exists in the AuthenticationDialogue function of cfservd in Cfengine versions 2.0.0 to 2.1.7p1. This flaw permits remote attackers to potentially execute arbitrary code through a specially crafted long SAUTH command during the RSA authentication process, thereby compromising the security of affected systems. Immediate remediation is recommended for systems utilizing these versions of Cfengine.

References

http://www.coresecurity.com/common/showdoc.php?idx=387&id...

x_refsource_MISC

http://marc.info/?l=bugtraq&m=109208394910086&w=2

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/16935

vdb-entryx_refsource_XF

EPSS Score

56% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Feb 21, 2005
Vulnerability published
Aug 9, 2004