Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-200408-08.NASL
HistoryAug 30, 2004 - 12:00 a.m.

GLSA-200408-08 : Cfengine: RSA Authentication Heap Corruption

2004-08-3000:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.133 Low

EPSS

Percentile

95.6%

JSON

The remote host is affected by the vulnerability described in GLSA-200408-08 (Cfengine: RSA Authentication Heap Corruption)

Two vulnerabilities have been found in cfservd. One is a buffer     overflow in the AuthenticationDialogue function and the other is a     failure to check the proper return value of the ReceiveTransaction     function.

Impact :

An attacker could use the buffer overflow to execute arbitrary code     with the permissions of the user running cfservd, which is usually the     root user. However, before such an attack could be mounted, the     IP-based ACL would have to be bypassed. With the second vulnerability,     an attacker could cause a denial of service attack.

Workaround :

There is no known workaround at this time. All users are encouraged to     upgrade to the latest available version of Cfengine. (It should be     noted that disabling cfservd will work around this particular problem.
However, in many cases, doing so will cripple your Cfengine setup.
Upgrading is strongly recommended.)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200408-08.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14564);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2004-1701", "CVE-2004-1702");
  script_xref(name:"GLSA", value:"200408-08");

  script_name(english:"GLSA-200408-08 : Cfengine: RSA Authentication Heap Corruption");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200408-08
(Cfengine: RSA Authentication Heap Corruption)

    Two vulnerabilities have been found in cfservd. One is a buffer
    overflow in the AuthenticationDialogue function and the other is a
    failure to check the proper return value of the ReceiveTransaction
    function.
  
Impact :

    An attacker could use the buffer overflow to execute arbitrary code
    with the permissions of the user running cfservd, which is usually the
    root user. However, before such an attack could be mounted, the
    IP-based ACL would have to be bypassed. With the second vulnerability,
    an attacker could cause a denial of service attack.
  
Workaround :

    There is no known workaround at this time. All users are encouraged to
    upgrade to the latest available version of Cfengine. (It should be
    noted that disabling cfservd will work around this particular problem.
    However, in many cases, doing so will cripple your Cfengine setup.
    Upgrading is strongly recommended.)"
  );
  # http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.secureauth.com/?idx=387&idxseccion=10"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200408-08"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Cfengine users should upgrade to the latest version:
    # emerge sync
    # emerge -pv '>=net-misc/cfengine-2.1.8'
    # emerge '>=net-misc/cfengine-2.1.8'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cfengine");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/08/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-misc/cfengine", unaffected:make_list("ge 2.1.8", "lt 2.0.0"), vulnerable:make_list("le 2.1.7"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Cfengine");
}
VendorProductVersionCPE
gentoolinuxcfenginep-cpe:/a:gentoo:linux:cfengine
gentoolinuxcpe:/o:gentoo:linux

Related

gentoo 1
openvas 4
nessus 1
debiancve 2
nvd 2
cvelist 2
cve 2
gentoo
gentoo
Cfengine: RSA Authentication Heap Corruption
2004-08-10 00:00:00
openvas
openvas
CFEngine AuthenticationDialogue Vulnerability
2005-11-03 00:00:00
cfengine AuthenticationDialogue vulnerability
2005-11-03 00:00:00
Gentoo Security Advisory GLSA 200408-08 (Cfengine)
2008-09-24 00:00:00
nessus
nessus
Cfengine AuthenticationDialogue() Function Remote Overflow
2004-08-20 00:00:00
debiancve
debiancve
CVE-2004-1702
2004-08-09 04:00:00
CVE-2004-1701
2004-08-09 04:00:00
nvd
nvd
CVE-2004-1702
2004-08-09 04:00:00
CVE-2004-1701
2004-08-09 04:00:00
cvelist
cvelist
CVE-2004-1702
2005-02-21 05:00:00
CVE-2004-1701
2005-02-21 05:00:00
cve
cve
CVE-2004-1702
2005-02-21 05:00:00
CVE-2004-1701
2005-02-21 05:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.133 Low

EPSS

Percentile

95.6%

JSON
Related for GENTOO_GLSA-200408-08.NASL
gentoo1openvas4nessus1debiancve2nvd2cvelist2cve2