Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0849

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0849
Last Modified 10 Sep 2008 03:20:42
Published 17 Nov 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0849

Summary

Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.

Vulnerable Systems

Application

  • Gnu Cfengine 2.0.0

  • Gnu Cfengine 2.0.1

  • Gnu Cfengine 2.0.2

  • Gnu Cfengine 2.0.3

  • Gnu Cfengine 2.0.4

  • Gnu Cfengine 2.0.5

  • Gnu Cfengine 2.0.6

  • Gnu Cfengine 2.0.7

  • Gnu Cfengine 2.1.0


References

BUGTRAQ - 20030925 Cfengine2 cfservd remote stack overflow

BUGTRAQ - 20031005 GLSA: cfengine (200310-02)

BUGTRAQ - 20030928 cfengine2-2.0.3 remote exploit for redhat


Last Updated: 27 May 2016 10:38:05