GNU Cfengine 2.-2.0.3 - Remote Stack Overflow Exploit

No description provided by source. !/usr/bin/perl -s kokaninATdtors.net / cfengine2-2.0.3 from freebsd ports 26/sep/2003. forking portbind shellcode port=0xb0ef45295 by eSDee bug discovered by nick cleaton, tested on FreeBSD 4.8-RELEASE use IO::Socket; if!$ARGV1 print usage: ./DSR-cfengine.pl hos...

CFEngine 2.0.x CFServD Transaction Packet Buffer Overrun Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/8699/info cfengine is prone to a stack-based buffer overrun vulnerability. This issue may be exploited by remote attackers who can send malicious transaction packets to cfservd. This issue is due to insufficient bounds...

Mandrake Linux Security Advisory : cfengine (MDKSA-2000:061)

The GNU cfengine is an abstract programming language for system administrators of large heterogeneous networks, used for maintenance and administration. There are a number of string format vulnerabilities in syslog calls that can be abused to either make the cfengine program segfault and die or t...

MDVA-2009:165 : cfengine

The 'recurse' keyword in any editfile action trigger the following warning, for each file found: cfengine:hostname: Unknown action in editing of file XYZ. This update fixes this issue. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a...

Gentoo Security Advisory GLSA 200408-08 (Cfengine)

The remote host is missing updates announced in advisory GLSA 200408-08. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200408-08 (Cfengine)

The remote host is missing updates announced in advisory GLSA 200408-08. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD Ports: cfengine

The remote host is missing an update to the system as announced in the referenced advisory. VID 8688d5cd-328c-11da-a263-0001020eed82 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: cfengine

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

GV PostScript Viewer Remote Buffer overflow Exploit

No description provided by source. / gv postscript viewer exploit , infamous42md AT hotpop DOT com run of the mill bof. spawns a remote shell on port 7000. woopty doo. if someone has been able to exploit the heap overflow in cfengine, please email me and teach me something. after days of pain i'v...

Debian Security Advisory DSA 835-1 (cfengine)

The remote host is missing an update to cfengine announced via advisory DSA 835-1. Javier Fernandez-Sanguino Pena discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrar...

Debian: Security Advisory (DSA-835-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : cfengine -- arbitrary file overwriting vulnerability (8688d5cd-328c-11da-a263-0001020eed82)

A Debian Security Advisory reports : Javier Fernandez-Sanguino Pena discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine,...

Ubuntu 4.10 / 5.04 : cfengine vulnerabilities (USN-198-1)

Javier Fernandez-Sanguino Pena discovered that several tools in the cfengine package vicf, cfmailfilter, and cfcron create and use temporary files in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user...

cfengine AuthenticationDialogue vulnerability

Cfengine is running on this remote host. cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue function. The issue exists due to a lack of sufficient boundary checks performed on...

cfengine CFServD transaction packet buffer overrun vulnerability

Cfengine is running on this remote host. This version is prone to a stack-based buffer overrun vulnerability. An attacker, exploiting this flaw, would need network access to the server as well as the ability to send a crafted transaction packet to the cfservd process. A successful exploitation of...

CFEngine AuthenticationDialogue Vulnerability

CFEngine cfservd is prone to a remote heap-based buffer overrun vulnerability. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

cfengine format string vulnerability

Cfengine is running on this remote host. Cfengine contains a component, cfd, which serves as a remote-configuration client to cfengine. This version of cfd contains several flaws in the way that it calls syslog. As a result, trusted hosts and valid users if access controls are not in place can...

cfengine format string vulnerability

Cfengine is running on this remote host. Cfengine contains a component, cfd, which serves as a remote-configuration client to cfengine. This version of cfd contains several flaws in the way that it calls syslog. As a result, trusted hosts and valid users if access controls are not in place can...

CFEngine Detection (Linux/Unix SSH Login)

SSH login-based detection of CFEngine. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.14315";...

Mandrake Linux Security Advisory : cfengine (MDKSA-2005:184)

Javier Fernndez-Sanguino Pea discovered several insecure temporary file uses in cfengine = 1.6.5 and = 2.1.16 which allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in. CVE-2005-2960 In addition, Javier discovered the cfmailfilter and cfcron.in...