National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cfengine
There are 7 matching records.
Vuln ID Summary CVSS Severity
CVE-2005-2960

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

Published: October 05, 2005; 03:02:00 PM -04:00
V2: 2.1 LOW
CVE-2005-3137

The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.

Published: October 05, 2005; 03:02:00 PM -04:00
V2: 2.1 LOW
CVE-2004-1701

Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.

Published: August 09, 2004; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2004-1702

The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).

Published: August 09, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2003-0849

Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.

Published: November 17, 2003; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2000-0947

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.

Published: December 19, 2000; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-1999-0374

Debian GNU/Linux cfengine package is susceptible to a symlink attack.

Published: February 16, 1999; 12:00:00 AM -05:00
V2: 2.1 LOW