Cfengine CFServD Transaction Packet Buffer Overrun Vulnerability Network Vulnerability

Summary

Cfengine is running on this remote host. This version is prone to a stack-based buffer overrun vulnerability. An attacker, exploiting this flaw, would need network access to the server as well as the ability to send a crafted transaction packet to the cfservd process. A successful exploitation of this flaw would lead to arbitrary code being executed on the remote machine or a loss of service (DoS).

Solution

Upgrade to at least 1.5.3-4, 2.0.8 or most recent 2.1 version.

Severity

Classification

CVE CVE-2003-0849
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Format string on URI
Mercur Mailserver/Messaging version <= 5.0 IMAP Overflow Vulnerability
MiniShare webserver buffer overflow
Microsoft RPC Interface Buffer Overrun (823980)
EFTP buffer overflow

cfengine CFServD transaction packet buffer overrun vulnerability

Take action and discover your vulnerabilities