Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cfengine | Gnu | 2.0.0 (including) | 2.0.0 (including) |
Cfengine | Gnu | 2.0.1 (including) | 2.0.1 (including) |
Cfengine | Gnu | 2.0.2 (including) | 2.0.2 (including) |
Cfengine | Gnu | 2.0.3 (including) | 2.0.3 (including) |
Cfengine | Gnu | 2.0.4 (including) | 2.0.4 (including) |
Cfengine | Gnu | 2.0.5 (including) | 2.0.5 (including) |
Cfengine | Gnu | 2.0.5-b1 (including) | 2.0.5-b1 (including) |
Cfengine | Gnu | 2.0.5-pre (including) | 2.0.5-pre (including) |
Cfengine | Gnu | 2.0.5-pre2 (including) | 2.0.5-pre2 (including) |
Cfengine | Gnu | 2.0.6 (including) | 2.0.6 (including) |
Cfengine | Gnu | 2.0.7 (including) | 2.0.7 (including) |
Cfengine | Gnu | 2.0.7-p1 (including) | 2.0.7-p1 (including) |
Cfengine | Gnu | 2.0.7-p2 (including) | 2.0.7-p2 (including) |
Cfengine | Gnu | 2.0.7-p3 (including) | 2.0.7-p3 (including) |
Cfengine | Gnu | 2.0.8 (including) | 2.0.8 (including) |
Cfengine | Gnu | 2.0.8-p1 (including) | 2.0.8-p1 (including) |
Cfengine | Gnu | 2.1.0-a6 (including) | 2.1.0-a6 (including) |
Cfengine | Gnu | 2.1.0-a8 (including) | 2.1.0-a8 (including) |
Cfengine | Gnu | 2.1.0-a9 (including) | 2.1.0-a9 (including) |
Cfengine | Gnu | 2.1.7-p1 (including) | 2.1.7-p1 (including) |