CVE-2004-1701

Опубликовано: 09 авг. 2004

Источник: nvd

CVSS2: 10

EPSS Средний

Описание

Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.

Ссылки

http://marc.info/?l=bugtraq&m=109208394910086&w=2
http://marc.info/?l=bugtraq&m=110886670528775&w=2
http://secunia.com/advisories/12251
Patch
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200408-08.xml
Exploit
Patch
Vendor Advisory
http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/bid/10899
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16935
http://marc.info/?l=bugtraq&m=109208394910086&w=2
http://marc.info/?l=bugtraq&m=110886670528775&w=2
http://secunia.com/advisories/12251
Patch
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200408-08.xml
Exploit
Patch
Vendor Advisory
http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/bid/10899
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16935

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gnu:cfengine:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.5:b1:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.5:pre:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.5:pre2:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.7:p1:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.7:p2:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.7:p3:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.0.8:p1:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.1.0:a6:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.1.0:a8:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.1.0:a9:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:2.1.7:p1:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.56761

Средний

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2004-1701

debian

около 21 года назад

Heap-based buffer overflow in the AuthenticationDialogue function in c ...

GHSA-j3mm-cmpj-cv2w

github

больше 3 лет назад

BDU:2015-09467

fstec