CVE-2003-0849

Severity

75%

Complexity

99%

Confidentiality

106%

Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.

Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

GNU Cfengine

First reported 21 years ago

2003-11-17 05:00:00

Last updated 8 years ago

2016-10-18 02:38:00

Affected Software

GNU Cfengine 2.0.0

2.0.0

GNU Cfengine 2.0.1

2.0.1

GNU Cfengine 2.0.2

2.0.2

GNU Cfengine 2.0.3

2.0.3

GNU Cfengine 2.0.4

2.0.4

GNU Cfengine 2.0.5

2.0.5

GNU Cfengine 2.0.6

2.0.6

GNU Cfengine 2.0.7

2.0.7

References

20030925 Cfengine2 cfservd remote stack overflow

20030928 cfengine2-2.0.3 remote exploit for redhat

20031005 GLSA: cfengine (200310-02)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.