Denial of Service Vulnerability in Cfengine Products by ACF
CVE-2004-1702

Currently unrated

Key Information:

Vendor: Gnu
Status: Cfengine
Vendor: CVE Published:; 9 August 2004

Summary

The Cfengine software contains a vulnerability within the AuthenticationDialogue function of the cfservd component. Due to improper handling of return values from the ReceiveTransaction function, a failed allocation can occur. This results in a null dereference, allowing remote attackers to exploit this weakness and induce a denial of service, effectively crashing the application. Users of affected versions should take immediate steps to secure their installations.

References

http://www.coresecurity.com/common/showdoc.php?idx=387&id...

x_refsource_MISC

http://marc.info/?l=bugtraq&m=109208394910086&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/12251

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Feb 21, 2005
Vulnerability published
Aug 9, 2004