Cfengine CFServD Transaction Packet Buffer Overrun Vulnerability Network Vulnerability

Summary

Cfengine is running on this remote host. This version is prone to a stack-based buffer overrun vulnerability. An attacker, exploiting this flaw, would need network access to the server as well as the ability to send a crafted transaction packet to the cfservd process. A successful exploitation of this flaw would lead to arbitrary code being executed on the remote machine or a loss of service (DoS).

Solution

Upgrade to at least 1.5.3-4, 2.0.8 or most recent 2.1 version.

Severity

Classification

CVE CVE-2003-0849

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Kerio WebMail v5 multiple flaws
Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw
Quantum DXi Remote 'root' Authentication Bypass Vulnerability
Cherokee directory traversal flaw
SOCKS4A hostname overflow

cfengine CFServD transaction packet buffer overrun vulnerability

Take action and discover your vulnerabilities