Cfengine AuthenticationDialogue() Function Remote Overflow

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a denial of service vulnerability.
Cfengine is running on this remote host.

Description :

Cfengine cfservd is reported prone to a remote heap-based buffer
overrun vulnerability.

The vulnerability is in the cfengine cfservd AuthenticationDialogue()
function, which does not perform sufficient boundary checks on
challenge data received from a client.

In addition, cfengine cfservd is reported prone to a remote denial of
service vulnerability. It is located in the cfengine cfservd
AuthenticationDialogue() function, which is responsible for
processing SAUTH commands and for performing RSA-based
authentication. The issue exists because the return values of several
statements within AuthenticationDialogue() are not checked.

See also :

http://archives.neohapsis.com/archives/bugtraq/2005-02/0333.html
http://security.gentoo.org/glsa/glsa-200408-08.xml

Solution :

Upgrade to 2.1.8 or newer.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 14314 (cfengine_authdiag.nasl)

Bugtraq ID: 10899, 10900

CVE ID: CVE-2004-1701, CVE-2004-1702