CVE-2005-2960
CVE-2005-2960 affects cfengine versions 1.6.5 and 2.1.16. The issue arises from insecure temporary file handling, allowing a local user to perform a symlink attack and overwrite arbitrary files owned by the user executing cfengine (likely root). The problem is tied to the vicf.in temporary files ...
CVE-2005-2960
Removed by vendor...
CVE-2005-3137
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960...
CVE-2005-2960
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137...
CVE-2005-3137
Removed by vendor...
Debian DSA-835-1 : cfengine - insecure temporary files
Javier Fernandez-Sanguino Pena discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine, which is probably root...
[SECURITY] [DSA 835-1] New cfengine packages fix arbitrary file overwriting
-------------------------------------------------------------------------- Debian Security Advisory DSA 835-1 [email protected] http://www.debian.org/security/ Martin Schulze October 1st, 2005 http://www.debian.org/security/faq -...
DSA-835-1 cfengine - insecure temporary files
Bulletin has no description...
CVE-2004-1701
Removed by vendor...
CVE-2004-1702
Removed by vendor...
CVE-2004-1702
CVE-2004-1702 affects Cfengine cfservd (versions 2.0.0–2.1.7p1). The vulnerability is in cfservd’s AuthenticationDialogue() where the return value of ReceiveTransaction is not properly handled, causing a failed malloc and a null dereference that can crash the process. OpenVAS and Gentoo GLSA desc...
CVE-2004-1701
CVE-2004-1701 describes a remote vulnerability in Cfengine’s cfservd: a heap-based buffer overflow in the AuthenticationDialogue() function allows an attacker to execute arbitrary code via a long SAUTH command during RSA authentication, affecting Cfengine 2.0.0 through 2.1.7p1. Public records als...
CVE-2004-1701
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication...
GNU Cfengine 2.17p1 - RSA Authentication Heap Overflow
GNU Cfengine 2.17p1 - RSA Authentication Heap Overflow / removed line 54 /str0ke / / cfengine rsa heap remote exploit part of PTjob project / \ / "fuck mm" by jsk:exwormhttp://exworm.hostrocket.com / bug found by core yep ta mei dayong ..hehe..so pub it.. my home: www.ph4nt0m.org GT:...
GNU Cfengine 2.17p1 - RSA Authentication Heap Overflow
/ removed line 54 /str0ke / / cfengine rsa heap remote exploit part of PTjob project / \ / "fuck mm" by jsk:exwormhttp://exworm.hostrocket.com / bug found by core yep ta mei dayong ..hehe..so pub it.. my home: www.ph4nt0m.org GT: emm.oyxin.seal.ava.haggis.broot.more.. No girl No money No jop...
GNU Cfengine 2.17p1 RSA Authentication Heap Overflow Exploit
No description provided by source. / removed line 54 /str0ke / / cfengine rsa heap remote exploit part of PTjob project / \ / "fuck mm" by jsk:exwormhttp://exworm.hostrocket.com / bug found by core yep ta mei dayong ..hehe..so pub it.. my home: www.ph4nt0m.org GT:...
GNU Cfengine 2.17p1 RSA Authentication Heap Overflow Exploit
Exploit for linux platform in category remote exploits ============================================================ GNU Cfengine 2.17p1 RSA Authentication Heap Overflow Exploit ============================================================ / removed line 54 /str0ke / / cfengine rsa heap remote...
GLSA-200408-08 : Cfengine: RSA Authentication Heap Corruption
The remote host is affected by the vulnerability described in GLSA-200408-08 Cfengine: RSA Authentication Heap Corruption Two vulnerabilities have been found in cfservd. One is a buffer overflow in the AuthenticationDialogue function and the other is a failure to check the proper return value of...
Cfengine cfservd ReceiveTransaction Function Remote Overflow (version check)
Cfengine is running on this remote host. This version has a stack-based buffer overrun vulnerability. An attacker, exploiting this flaw, would need network access to the server as well as the ability to send a crafted transaction packet to the cfservd process. Successful exploitation of this flaw...