Nessus Plugin #14314
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
cfengine AuthenticationDialogue vulnerability
- Family:
- Denial of Service
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2004 David Maciejak
- Summary:
- check for cfengine flaw based on its version
- Version:
- $Revision: 1.4 $
- Cve_id:
- -
- Bugtraq_id:
- 10899, 10900
- Xrefs:
- -
- Description:
Cfengine is running on this remote host.
cfengine cfservd is reported prone to a remote heap-based buffer
overrun vulnerability.
The vulnerability presents itself in the cfengine cfservd
AuthenticationDialogue() function. The issue exists due to a
lack of sufficient boundary checks performed on challenge data
that is received from a client.
In addition, cfengine cfservd is reported prone to a remote denial
of service vulnerability. The vulnerability presents itself in the cfengine
cfservd AuthenticationDialogue() function which is responsible for processing
SAUTH commands and also performing RSA based authentication. The vulnerability
presents itself because return values for several statements within the
AuthenticationDialogue() function are not checked.
Solution: Upgrade to 2.1.8 or newer
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.