Gnu: >> Cfengine >> 2.1.7 Security Vulnerabilities
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-10-05
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
CVSS Score
10.0
EPSS Score
0.568
Published
2004-08-09
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).
CVSS Score
5.0
EPSS Score
0.021
Published
2004-08-09