Denial of Service Vulnerability in Cfengine Products by ACF
CVE-2004-1702

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
9 August 2004

Summary

The Cfengine software contains a vulnerability within the AuthenticationDialogue function of the cfservd component. Due to improper handling of return values from the ReceiveTransaction function, a failed allocation can occur. This results in a null dereference, allowing remote attackers to exploit this weakness and induce a denial of service, effectively crashing the application. Users of affected versions should take immediate steps to secure their installations.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.