GNU Cfengine 2.-2.0.3 Remote Stack Overflow Exploit

No description provided by source. !/usr/bin/perl -s kokaninATdtors.net / cfengine2-2.0.3 from freebsd ports 26/sep/2003. forking portbind shellcode port=0xb0ef45295 by eSDee bug discovered by nick cleaton, tested on FreeBSD 4.8-RELEASE use IO::Socket; if!$ARGV1 print "usage: ./DSR-cfengine.pl ho...

GNU CFEngine 2.-2.0.3 - Remote Stack Overflow

!/usr/bin/perl -s kokaninATdtors.net / cfengine2-2.0.3 from freebsd ports 26/sep/2003. forking portbind shellcode port=0xb0ef45295 by eSDee bug discovered by nick cleaton, tested on FreeBSD 4.8-RELEASE use IO::Socket; if!$ARGV1 print "usage: ./DSR-cfengine.pl default cfengine is 5308\n"; exit-1;...

GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1)

GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun 1 // source: https://www.securityfocus.com/bid/8699/info cfengine is prone to a stack-based buffer overrun vulnerability. This issue may be exploited by remote attackers who can send malicious transaction packets to cfservd. This issu...

FreeBSD Ports Security Advisory FreeBSD-SA-01:27.cfengine

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:27 Security Advisory FreeBSD, Inc. Topic: cfengine port contains remote root vulnerability Category: ports Module: cfengine Announced: 2001-03-12 Credits: Pekka Savola...

Серьезные дырки в cfengine

Многочисленные ошибки форматной строки позволяют получить root удаленно...

FreeBSD-SA-01:27.cfengine

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:27 Security Advisory FreeBSD, Inc. Topic: cfengine port contains remote root vulnerability Category: ports Module: cfengine Announced: 2001-03-12 Credits: Pekka Savola...

CVE-2000-0947

The CVE-2000-0947 issue is a format-string vulnerability in CFEngine’s cfd (CFEngine daemon) that can be triggered via the CAUTH command, allowing an attacker to cause the vulnerable host to run arbitrary commands. OpenVAS/Nessus entries describe that the flaw arises in cfd’s syslog handling and ...

CVE-2000-0947

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command...

CVE-2000-0947

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command...

SuSE Security Announcement: cfengine

-----BEGIN PGP SIGNED MESSAGE----- SuSE Security Announcement Package: cfengine Date: Wednesday, October 11th, 2000 19:15 MEST Affected SuSE versions: 5.3, 6.0, 6.1, 6.3, 6.4, 7.0 Vulnerability Type: remote root compromise Severity 1-10: 5 SuSE default package: no Other affected systems: Linux...

CVE-1999-0374

CVE-1999-0374 : Debian GNU/Linux cfengine is vulnerable to a symlink attack. Connected documents confirm the issue but do not specify affected versions or a fixed release. PT-1999-1061 notes no information about a newer version containing a fix; monitoring for updates is advised. No exploit detai...

CVE-1999-0374

Debian GNU/Linux cfengine package is susceptible to a symlink attack...

cfengine.symlink.txt

Date: Tue, 16 Feb 1999 01:12:20 +0100 From: Wichert Akkerman To: [email protected] Subject: SECURITY New versions of cfengine fixes symlink attack -----BEGIN PGP SIGNED MESSAGE----- The maintainer of Debian GNU/Linux cfengine package found a error in the way cfengine handles temporary files wh...

CVE-1999-0374

Debian GNU/Linux cfengine package is susceptible to a symlink attack...

[SECURITY] New versions of cfengine fixes symlink attack

The maintainer of Debian GNU/Linux cfengine package found a error in the way cfengine handles temporary files when it runs the tidy action on homedirectories, which makes it suspectible to a symlink attack. The author has been notified of the problem but has not released a fix yet. We recommend y...

PT-1999-1061 · Debian · Cfengine

Name of the Vulnerable Software and Affected Versions: Debian GNU/Linux affected versions not specified Description: The issue affects the cfengine package in Debian GNU/Linux, making it susceptible to a symlink attack. Recommendations: At the moment, there is no information about a newer version...

[SECURITY] New versions of cfengine fixes symlink attack

The maintainer of Debian GNU/Linux cfengine package found a error in the way cfengine handles temporary files when it runs the tidy action on homedirectories, which makes it suspectible to a symlink attack. The author has been notified of the problem but has not released a fix yet. We recommend y...

Cfengine RSA Authentication Heap Corruption

Advisory ID Internal CORE-2004-0714 Advisory ID: CORE-2004-0714 Bugtraq ID: 10899, 10900 CVE Name: None currently assigned. Title: Cfengine RSA Authentication Heap Corruption Class: Input validation error Boundary error condition Buffer Overflow Remotely Exploitable: Yes Locally Exploitable: Yes...