Vulnerabilities > CVE-2003-0849 - Remote Security vulnerability in Cfengine
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which are trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function. In other words, the length taken from the packet is used without being checked against the size of the buffer the caller supplied.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 17 |
Exploit-Db
description CFEngine 2.0.x CFServD Transaction Packet Buffer Overrun Vulnerability (2). CVE-2003-0849. Remote exploit for linux platform
id EDB-ID:23183
last seen 2016-02-02
modified 2003-11-04
published 2003-11-04
reporter snooq
source https://www.exploit-db.com/download/23183/
title CFEngine 2.0.x CFServD Transaction Packet Buffer Overrun Vulnerability 2

description CFEngine 2.0.x CFServD Transaction Packet Buffer Overrun Vulnerability (1). CVE-2003-0849. Remote exploit for linux platform
id EDB-ID:23182
last seen 2016-02-02
modified 2003-09-25
published 2003-09-25
reporter jsk
source https://www.exploit-db.com/download/23182/
title CFEngine 2.0.x CFServD Transaction Packet Buffer Overrun Vulnerability 1

description GNU Cfengine 2.-2.0.3 Remote Stack Overflow Exploit. CVE-2003-0849. Remote exploit for bsd platform
id EDB-ID:105
last seen 2016-01-31
modified 2003-09-27
published 2003-09-27
reporter kokanin
source https://www.exploit-db.com/download/105/
title GNU Cfengine 2.-2.0.3 - Remote Stack Overflow Exploit
Nessus
NASL family Gain a shell remotely
NASL id GNU_CFSERV.NASL
description The remote Cfserver seems to be vulnerable to a remote buffer overflow bug. Such a bug might be exploited by an attacker to execute arbitrary code on this host, with the privileges cfservd is running with.
last seen 2020-06-01
modified 2020-06-02
plugin id 11893
published 2003-10-16
reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/11893
title Cfengine cfservd ReceiveTransaction Function Remote Overflow (intrusive check)
code
#
# (C) Tenable Network Security, Inc.
#
# script based on exploit code by
# kokaninATdtors.net
#
# Purpose: intrusive check for CVE-2003-0849. It sends one oversized request
# to TCP port 5308 and reports the host when that port no longer accepts a
# connection one second later. The verdict is inferred from availability,
# not from the installed version.

include("compat.inc");

# Registration block: identifiers, references and scheduling metadata only.
if (description)
{
  script_id(11893);
  script_version("1.21");
  script_cvs_date("Date: 2018/07/12 19:01:15");

  script_cve_id("CVE-2003-0849");
  script_bugtraq_id(8699);
  script_xref(name:"Secunia", value:"9855");

  script_name(english:"Cfengine cfservd ReceiveTransaction Function Remote Overflow (intrusive check)");
  script_summary(english:"Checks for the Cfserver remote buffer overflow");

  script_set_attribute(attribute:"synopsis", value:"The remote host is affected by a remote buffer overflow vulnerability.");
  script_set_attribute(attribute:"description", value: "The remote Cfserver seems to be vulnerable to a remote buffer overflow bug. 
Such a bug might be exploited by an attacker to execute arbitrary code on this host, with the privileges cfservd is running with.");
  script_set_attribute(attribute:"see_also", value:"https://packetstormsecurity.com/files/31714/cfengine.txt.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to version 2.0.8/2.0.8p1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/09/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/10/16");

  # Marked as a potential (unconfirmed) finding, matching the inference below.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # Declared as a destructive check: a vulnerable cfservd is expected to stop
  # answering, so this belongs in a maintenance window, not a routine scan.
  script_category(ACT_DESTRUCTIVE_ATTACK);
  script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
  script_family(english:"Gain a shell remotely");
  script_dependencie("find_service1.nasl");
  script_require_keys("Settings/ParanoidReport");
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Runs only when report_paranoia is at least 2; otherwise the plugin audits out.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# The port is hard-coded; a cfservd listening on any other port is not tested.
port = 5308;
if (!get_port_state(port)) exit(0);

# Fixed request bytes followed by 3500 bytes of filler from crap().
req = hex2raw(s: tolower("32647564656475646564756465647564656475646509322F6173646661736466617464666173646661736466433A5C096C6F63616C686F73742E6C6F63616C646F6D61696E2E636F6D093730092D0D0A2E0D0A"));
req += crap(3500);

# If the first connection cannot be opened there is nothing to compare against.
soc = open_sock_tcp(port);
if (!soc) exit(0);

send (socket:soc, data:req);
close(soc);

# Give the service a moment, then test whether it still accepts connections.
sleep(1);

# NOTE(review): any failure of this second connect is reported as vulnerable.
# Connection limits, a filtering device reacting to the probe, or an unrelated
# restart would look the same, so confirm against the installed version
# (the page lists 2.0.8/2.0.8p1 as fixed) before acting on a hit.
soc = open_sock_tcp(port);
if (!soc) security_hole(port);
exit(0);
NASL family Gain a shell remotely
NASL id CFENGINE_TRANS_PACKET_BUFF_OVERRUN.NASL
description Cfengine is running on this remote host. This version has a stack-based buffer overrun vulnerability. An attacker, exploiting this flaw, would need network access to the server as well as the ability to send a crafted transaction packet to the cfservd process. Successful exploitation of this flaw would lead to arbitrary code being executed on the remote machine or a loss of service (DoS).
last seen 2020-06-01
modified 2020-06-02
plugin id 14317
published 2004-08-20
reporter This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/14317
title Cfengine cfservd ReceiveTransaction Function Remote Overflow (version check)
code
#
# (C) Tenable Network Security, Inc.
#
# Purpose: non-intrusive check for CVE-2003-0849. It sends nothing to the
# target; it reads the knowledge-base items cfengine/running and
# cfengine/version and reports port 5308 when the version matches the
# pattern at the bottom of the script.

include("compat.inc");

# Registration block: identifiers, references and scheduling metadata only.
if (description)
{
  script_id(14317);
  script_version("1.19");
  script_cvs_date("Date: 2018/11/15 20:50:22");

  script_cve_id("CVE-2003-0849");
  script_bugtraq_id(8699);

  script_name(english:"Cfengine cfservd ReceiveTransaction Function Remote Overflow (version check)");
  script_summary(english:"check for cfengine flaw based on its version");

  script_set_attribute(attribute:"synopsis", value: "The remote host is affected by a remote buffer overflow vulnerability." );
  script_set_attribute(attribute:"description", value: "Cfengine is running on this remote host. This version has a stack-based buffer overrun vulnerability. An attacker, exploiting this flaw, would need network access to the server as well as the ability to send a crafted transaction packet to the cfservd process. Successful exploitation of this flaw would lead to arbitrary code being executed on the remote machine or a loss of service (DoS)." 
);
  script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=106451047819552&w=2");
  script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=106485375218280&w=2");
  script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=106546086216984&w=2");
  script_set_attribute(attribute:"solution", value: "Upgrade to at least 1.5.3-4, 2.0.8 or most recent 2.1 version." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/20");
  script_set_attribute(attribute:"vuln_publication_date", value: "2003/09/25");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  # Information gathering only, unlike the intrusive check (plugin 11893).
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gain a shell remotely");
  script_require_ports(5308);
  # presumably cfengine_detect.nasl is what fills the cfengine/* items read
  # below; that script is not shown on this page, so verify
  script_dependencies("cfengine_detect.nasl");
  exit(0);
}

# Used only as the port the finding is reported against.
port = 5308;

if ( ! get_kb_item("cfengine/running") ) exit(0);

# No version in the knowledge base means no verdict at all: the script ends
# silently, which must not be read as "patched".
version=get_kb_item("cfengine/version");
if (version)
{
  # The pattern flags 1.0-1.4, 1.5.0-1.5.2, 1.5.3-0 to 1.5.3-3, 2.0.0-2.0.7
  # and 2.1.0a0-2.1.0a9, in line with the solution text above.
  # NOTE(review): the pattern is not anchored, so it matches anywhere in the
  # string; a value containing "2.0.10", for example, would match through its
  # "2.0.1" prefix. Whether such values occur depends on the format stored in
  # cfengine/version - confirm before trusting a hit or a miss.
  if (egrep(pattern:"(1\.[0-4]\.|1\.5\.[0-2]|1\.5\.3-[0-3]|2\.(0\.[0-7]|1\.0a[0-9][^0-9]))", string:version))
    security_hole(port);
}