Cfengine AuthenticationDialogue() Function Remote Overflow

Cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue function. The issue exists due to a lack of sufficient boundary checks performed on challenge data that is received from a clien...

Cfengine CAUTH Command Remote Format String

Cfengine is running on this remote host. Cfengine contains a component, cfd, which serves as a remote-configuration client to cfengine. This version of cfd contains several flaws in the way that it calls syslog. As a result, trusted hosts and valid users if access controls are not in place can...

Cfengine: RSA Authentication Heap Corruption

Background Cfengine is an agent/software robot and a high level policy language for building expert systems to administrate and configure large computer networks. Description Two vulnerabilities have been found in cfservd. One is a buffer overflow in the AuthenticationDialogue function and the...

CORE-2004-0714: Cfengine RSA Authentication Heap Corruption

Core Security Technologies Advisory http://www.coresecurity.com Cfengine RSA Authentication Heap Corruption Date Published: 2004-08-09 Last Update: 2004-08-09 Advisory ID: CORE-2004-0714 Bugtraq ID: None currently assigned. CVE Name: None currently assigned. Title: Cfengine RSA Authentication Hea...

cfengine memory corruption

Heap corruption during authentication...

CVE-2004-1701

Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication...

CVE-2004-1702

The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service crash...

GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1)

source: https://www.securityfocus.com/bid/10899/info GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue function. The issue exists due to a lack of sufficient boundary checks...

GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2)

// source: https://www.securityfocus.com/bid/10899/info GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue function. The issue exists due to a lack of sufficient boundary chec...

GNU CFEngine 2.0.x2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1)

GNU CFEngine 2.0.x2.1 - AuthenticationDialogue Remote Heap Buffer Overrun 1 source: https://www.securityfocus.com/bid/10899/info GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd...

CVE-2003-0849

Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function...

GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2)

// source: https://www.securityfocus.com/bid/8699/info cfengine is prone to a stack-based buffer overrun vulnerability. This issue may be exploited by remote attackers who can send malicious transaction packets to cfservd. This issue is due to insufficient bounds checking of data that is read in...

Cfengine cfservd ReceiveTransaction Function Remote Overflow (intrusive check)

The remote Cfserver seems to be vulnerable to a remote buffer overflow bug. Such a bug might be exploited by an attacker to execute arbitrary code on this host, with the privileges cfservd is running with. C Tenable Network Security, Inc. script based on exploit code by kokaninATdtors.net...

CVE-2003-0849

Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function...

CVE-2003-0849

Removed by vendor...

CVE-2003-0849

Cfengine CFServD ReceiveTransaction Function Remote Overflow (CVE-2003-0849): A stack-based buffer overrun in cfservd’s ReceiveTransaction, triggered by crafted transactions, affects cfengine 2.x before 2.0.8. An attacker with network access can send a manipulated packet to cfservd, potentially a...

Buffer overflow in cfengine

Stack overflow on ACL check...

Cfengine2 cfservd remote stack overflow

============================================================================== Background ========== Cfengine www.cfengine.org automates the configuration and maintenance of large computer networks. A common setup involves running the cfservd daemon on TCP port 5308 on a central master server, wi...

GNU CFEngine 2.-2.0.3 - Remote Stack Overflow

GNU CFEngine 2.-2.0.3 - Remote Stack Overflow !/usr/bin/perl -s kokaninATdtors.net / cfengine2-2.0.3 from freebsd ports 26/sep/2003. forking portbind shellcode port=0xb0ef45295 by eSDee bug discovered by nick cleaton, tested on FreeBSD 4.8-RELEASE use IO::Socket; if!$ARGV1 print "usage:...

GNU CFEngine 2.-2.0.3 - Remote Stack Overflow

!/usr/bin/perl -s kokaninATdtors.net / cfengine2-2.0.3 from freebsd ports 26/sep/2003. forking portbind shellcode port=0xb0ef45295 by eSDee bug discovered by nick cleaton, tested on FreeBSD 4.8-RELEASE use IO::Socket; if!$ARGV1 print "usage: ./DSR-cfengine.pl default cfengine is 5308\n"; exit-1;...