CVE-2003-0849
Summary
| CVE | CVE-2003-0849 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2003-11-17 05:00:00 UTC |
| Updated | 2016-10-18 02:38:00 UTC |
| Description | Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gnu | Cfengine | 2.0.0 | All | All | All |
| Application | Gnu | Cfengine | 2.0.1 | All | All | All |
| Application | Gnu | Cfengine | 2.0.2 | All | All | All |
| Application | Gnu | Cfengine | 2.0.3 | All | All | All |
| Application | Gnu | Cfengine | 2.0.4 | All | All | All |
| Application | Gnu | Cfengine | 2.0.5 | All | All | All |
| Application | Gnu | Cfengine | 2.0.5 | b1 | All | All |
| Application | Gnu | Cfengine | 2.0.5 | pre | All | All |
| Application | Gnu | Cfengine | 2.0.5 | pre2 | All | All |
| Application | Gnu | Cfengine | 2.0.6 | All | All | All |
| Application | Gnu | Cfengine | 2.0.7 | All | All | All |
| Application | Gnu | Cfengine | 2.0.7 | p1 | All | All |
| Application | Gnu | Cfengine | 2.0.7 | p2 | All | All |
| Application | Gnu | Cfengine | 2.0.7 | p3 | All | All |
| Application | Gnu | Cfengine | 2.1.0 | a6 | All | All |
| Application | Gnu | Cfengine | 2.1.0 | a8 | All | All |
| Application | Gnu | Cfengine | 2.1.0 | a9 | All | All |
| Application | Gnu | Cfengine | 2.0.0 | All | All | All |
| Application | Gnu | Cfengine | 2.0.1 | All | All | All |
| Application | Gnu | Cfengine | 2.0.2 | All | All | All |
| Application | Gnu | Cfengine | 2.0.3 | All | All | All |
| Application | Gnu | Cfengine | 2.0.4 | All | All | All |
| Application | Gnu | Cfengine | 2.0.5 | All | All | All |
| Application | Gnu | Cfengine | 2.0.5 | b1 | All | All |
| Application | Gnu | Cfengine | 2.0.5 | pre | All | All |
| Application | Gnu | Cfengine | 2.0.5 | pre2 | All | All |
| Application | Gnu | Cfengine | 2.0.6 | All | All | All |
| Application | Gnu | Cfengine | 2.0.7 | All | All | All |
| Application | Gnu | Cfengine | 2.0.7 | p1 | All | All |
| Application | Gnu | Cfengine | 2.0.7 | p2 | All | All |
| Application | Gnu | Cfengine | 2.0.7 | p3 | All | All |
| Application | Gnu | Cfengine | 2.1.0 | a6 | All | All |
| Application | Gnu | Cfengine | 2.1.0 | a8 | All | All |
| Application | Gnu | Cfengine | 2.1.0 | a9 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 'GLSA: cfengine (200310-02)' - MARC | BUGTRAQ | marc.info | |
| 'Cfengine2 cfservd remote stack overflow' - MARC | BUGTRAQ | marc.info | |
| 'cfengine2-2.0.3 remote exploit for redhat' - MARC | BUGTRAQ | marc.info | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.