Denial of Service Vulnerability in Cfengine Products by ACF
CVE-2004-1702
Currently unrated
Summary
Cfengine contains a vulnerability in the AuthenticationDialogue function of the cfservd component. The function does not properly handle the return value of ReceiveTransaction, which can lead to a failed memory allocation and, in turn, a null pointer dereference. A remote attacker can exploit this to crash the application, causing a denial of service. Users of affected versions should take immediate steps to secure their installations.
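The failure chain in the summary (unchecked receive return value, failed allocation, null dereference), shown as an added C illustration beside a checked version. This is not Cfengine's code: `recv_transaction`, `auth_dialogue_unchecked`, `auth_dialogue_checked` and the "AUTH" message format are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MSG 4096

/* Hypothetical receive routine: copies the peer's message into buf and
   returns its length, or -1 on a missing, empty or oversized message. */
static int recv_transaction(const char *wire, int wire_len, char *buf, int cap) {
    if (wire == NULL || wire_len <= 0 || wire_len > cap) return -1;
    memcpy(buf, wire, (size_t)wire_len);
    return wire_len;
}

/* Flawed pattern (shown, never called here): the -1 error return is used as
   a size. (size_t)-1 is SIZE_MAX, so malloc fails and returns NULL. */
int auth_dialogue_unchecked(const char *wire, int wire_len) {
    char buf[MAX_MSG];
    int len = recv_transaction(wire, wire_len, buf, MAX_MSG);
    char *copy = malloc((size_t)len);      /* len is not checked */
    memcpy(copy, buf, (size_t)len);        /* copy is not checked: NULL dereference */
    int ok = (len >= 4 && memcmp(copy, "AUTH", 4) == 0) ? 0 : -3;
    free(copy);
    return ok;
}

/* Checked pattern: both failure points end the dialogue with an error code.
   Returns 0 accepted, -1 receive error, -2 allocation error, -3 bad message. */
int auth_dialogue_checked(const char *wire, int wire_len) {
    char buf[MAX_MSG];
    int len = recv_transaction(wire, wire_len, buf, MAX_MSG);
    if (len <= 0) return -1;               /* receive failed: reject the peer */
    char *copy = malloc((size_t)len);
    if (copy == NULL) return -2;           /* allocation failed: reject, do not crash */
    memcpy(copy, buf, (size_t)len);
    int ok = (len >= 4 && memcmp(copy, "AUTH", 4) == 0) ? 0 : -3;
    free(copy);
    return ok;
}

int main(void) {
    /* Constructed sample inputs, not captured traffic. */
    printf("valid message   -> %d\n", auth_dialogue_checked("AUTH alice", 10));
    printf("receive failure -> %d\n", auth_dialogue_checked(NULL, 0));
    printf("oversized frame -> %d\n", auth_dialogue_checked("AUTH", 5000));
    return 0;
}
```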
Timeline
Vulnerability Reserved
Vulnerability published