Vulnerabilities > CVE-2004-1701 - Unspecified vulnerability in GNU Cfengine

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
gnu
nessus
exploit available
NVD
Published: 2004-08-09
Updated: 2024-11-20

Summary

Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.

Vulnerable Configurations

Part Description Count
Application
Gnu
20

Exploit-Db

  • descriptionGNU CFEngine 2.0.x/2.1 AuthenticationDialogue Remote Heap Based Buffer Overrun Vulnerability (1). CVE-2004-1701. Dos exploit for linux platform
    idEDB-ID:24360
    last seen2016-02-02
    modified2004-08-09
    published2004-08-09
    reporterJuan Pablo Martinez Kuhn
    sourcehttps://www.exploit-db.com/download/24360/
    titleGNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun Vulnerability 1
  • descriptionGNU CFEngine 2.0.x/2.1 AuthenticationDialogue Remote Heap Based Buffer Overrun Vulnerability (2). CVE-2004-1701. Remote exploit for linux platform
    idEDB-ID:24361
    last seen2016-02-02
    modified2004-08-09
    published2004-08-09
    reporterjsk
    sourcehttps://www.exploit-db.com/download/24361/
    titleGNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun Vulnerability 2

Nessus

  • NASL familyGain a shell remotely
    NASL idCFENGINE_AUTHDIAG.NASL
    descriptionCfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue() function. The issue exists due to a lack of sufficient boundary checks performed on challenge data that is received from a client. In addition, cfengine cfservd is reported prone to a remote denial of service vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue() function which is responsible for processing SAUTH commands and also performing RSA based authentication. The vulnerability presents itself because return values for several statements within the AuthenticationDialogue() function are not checked.
    last seen2020-06-01
    modified2020-06-02
    plugin id14314
    published2004-08-20
    reporterThis script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/14314
    titleCfengine AuthenticationDialogue() Function Remote Overflow
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200408-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200408-08 (Cfengine: RSA Authentication Heap Corruption) Two vulnerabilities have been found in cfservd. One is a buffer overflow in the AuthenticationDialogue function and the other is a failure to check the proper return value of the ReceiveTransaction function. Impact : An attacker could use the buffer overflow to execute arbitrary code with the permissions of the user running cfservd, which is usually the root user. However, before such an attack could be mounted, the IP-based ACL would have to be bypassed. With the second vulnerability, an attacker could cause a denial of service attack. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Cfengine. (It should be noted that disabling cfservd will work around this particular problem. However, in many cases, doing so will cripple your Cfengine setup. Upgrading is strongly recommended.)
    last seen2020-06-01
    modified2020-06-02
    plugin id14564
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/14564
    titleGLSA-200408-08 : Cfengine: RSA Authentication Heap Corruption

References