Heap-based Buffer Overflow in Cfengine by Cfengine Corp
CVE-2004-1701

Currently unrated

Key Information:

Vendor

Gnu
Status
Cfengine
Vendor
CVE Published:
9 August 2004

What is CVE-2004-1701?

A heap-based buffer overflow vulnerability exists in the AuthenticationDialogue function of cfservd in Cfengine versions 2.0.0 to 2.1.7p1. This flaw permits remote attackers to potentially execute arbitrary code through a specially crafted long SAUTH command during the RSA authentication process, thereby compromising the security of affected systems. Immediate remediation is recommended for systems utilizing these versions of Cfengine.

References

http://www.coresecurity.com/common/showdoc.php?idx=387&id...
x_refsource_MISC
http://marc.info/?l=bugtraq&m=109208394910086&w=2
mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/16935
vdb-entryx_refsource_XF

EPSS Score

56% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.