This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.
The remote host is affected by a denial of service vulnerability.
Cfengine is running on this remote host.
Cfengine cfservd is reported prone to a remote heap-based buffer
The vulnerability presents itself in the cfengine cfservd
AuthenticationDialogue() function. The issue exists due to a lack of
sufficient boundary checks performed on challenge data that is
received from a client.
In addition, cfengine cfservd is reported prone to a remote denial of
service vulnerability. The vulnerability presents itself in the
cfengine cfservd AuthenticationDialogue() function which is
responsible for processing SAUTH commands and also performing RSA
based authentication. The vulnerability presents itself because
return values for several statements within the
AuthenticationDialogue() function are not checked.
See also :
Upgrade to 2.1.8 or newer.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: Gain a shell remotely
Nessus Plugin ID: 14314 (cfengine_authdiag.nasl)
Bugtraq ID: 1089910900
CVE ID: CVE-2004-1701CVE-2004-1702
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.