
Test ID: 1.3.6.1.4.1.25623.1.0.14317
Category: Gain a shell remotely
Title: cfengine CFServD transaction packet buffer overrun vulnerability
Summary: Cfengine is running on this remote host. This version is prone to a stack-based buffer overrun vulnerability. An attacker, exploiting this flaw, would need network access to the server as well as the ability to send a crafted transaction packet to the cfservd process. A successful exploitation of this flaw would lead to arbitrary code being executed on the remote machine or a loss of service (DoS).
Description:
Summary:
Cfengine is running on this remote host.

This version is prone to a stack-based buffer overrun vulnerability.
An attacker, exploiting this flaw, would need network access to the
server as well as the ability to send a crafted transaction packet
to the cfservd process. A successful exploitation of this flaw
would lead to arbitrary code being executed on the remote machine
or a loss of service (DoS).

Solution:
Upgrade to at least 1.5.3-4, 2.0.8 or most recent 2.1 version.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Reference: BugTraq ID: 8699
Common Vulnerability Exposure (CVE) ID: CVE-2003-0849
Bugtraq: 20030925 Cfengine2 cfservd remote stack overflow
http://marc.info/?l=bugtraq&m=106451047819552&w=2
Bugtraq: 20030928 cfengine2-2.0.3 remote exploit for redhat
http://marc.info/?l=bugtraq&m=106485375218280&w=2
Bugtraq: 20031005 GLSA: cfengine (200310-02)
http://marc.info/?l=bugtraq&m=106546086216984&w=2
Copyright: This script is Copyright (C) 2004 David Maciejak
