Lucene search
This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.CFENGINE_TRANS_PACKET_BUFF_OVERRUN.NASLHistoryAug 20, 2004 - 12:00 a.m.
Cfengine cfservd ReceiveTransaction Function Remote Overflow (version check)
2004-08-2000:00:00
This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
Cfengine is running on this remote host.
This version has a stack-based buffer overrun vulnerability.
An attacker, exploiting this flaw, would need network access to the server as well as the ability to send a crafted transaction packet to the cfservd process. Successful exploitation of this flaw would lead to arbitrary code being executed on the remote machine or a loss of service (DoS).
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(14317);
script_version("1.19");
script_cvs_date("Date: 2018/11/15 20:50:22");
script_cve_id("CVE-2003-0849");
script_bugtraq_id(8699);
script_name(english:"Cfengine cfservd ReceiveTransaction Function Remote Overflow (version check)");
script_summary(english:"check for cfengine flaw based on its version");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a remote buffer overflow vulnerability." );
script_set_attribute(attribute:"description", value:
"Cfengine is running on this remote host.
This version has a stack-based buffer overrun vulnerability.
An attacker, exploiting this flaw, would need network access to the
server as well as the ability to send a crafted transaction packet to
the cfservd process. Successful exploitation of this flaw would lead
to arbitrary code being executed on the remote machine or a loss of
service (DoS)." );
script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=106451047819552&w=2");
script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=106485375218280&w=2");
script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=106546086216984&w=2");
script_set_attribute(attribute:"solution", value:
"Upgrade to at least 1.5.3-4, 2.0.8 or most recent 2.1 version." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/20");
script_set_attribute(attribute:"vuln_publication_date", value: "2003/09/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Gain a shell remotely");
script_require_ports(5308);
script_dependencies("cfengine_detect.nasl");
exit(0);
}
port = 5308;
if ( ! get_kb_item("cfengine/running") ) exit(0);
version=get_kb_item("cfengine/version");
if (version)
{
if (egrep(pattern:"(1\.[0-4]\.|1\.5\.[0-2]|1\.5\.3-[0-3]|2\.(0\.[0-7]|1\.0a[0-9][^0-9]))", string:version))
security_hole(port);
}
Related
openvas
openvas
cfengine CFServD transaction packet buffer overrun vulnerability
2005-11-03 00:00:00
cfengine CFServD transaction packet buffer overrun vulnerability
2005-11-03 00:00:00
cve
cve
CVE-2003-0849
2003-11-17 05:00:00
debiancve
debiancve
CVE-2003-0849
2003-11-17 05:00:00
nessus
nessus
Related for CFENGINE_TRANS_PACKET_BUFF_OVERRUN.NASL