The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cfengine | Gnu | 2.0.0 (including) | 2.0.0 (including) |
| Cfengine | Gnu | 2.0.1 (including) | 2.0.1 (including) |
| Cfengine | Gnu | 2.0.2 (including) | 2.0.2 (including) |
| Cfengine | Gnu | 2.0.3 (including) | 2.0.3 (including) |
| Cfengine | Gnu | 2.0.4 (including) | 2.0.4 (including) |
| Cfengine | Gnu | 2.0.5 (including) | 2.0.5 (including) |
| Cfengine | Gnu | 2.0.5-b1 (including) | 2.0.5-b1 (including) |
| Cfengine | Gnu | 2.0.5-pre (including) | 2.0.5-pre (including) |
| Cfengine | Gnu | 2.0.5-pre2 (including) | 2.0.5-pre2 (including) |
| Cfengine | Gnu | 2.0.6 (including) | 2.0.6 (including) |
| Cfengine | Gnu | 2.0.7 (including) | 2.0.7 (including) |
| Cfengine | Gnu | 2.0.7-p1 (including) | 2.0.7-p1 (including) |
| Cfengine | Gnu | 2.0.7-p2 (including) | 2.0.7-p2 (including) |
| Cfengine | Gnu | 2.0.7-p3 (including) | 2.0.7-p3 (including) |
| Cfengine | Gnu | 2.0.8 (including) | 2.0.8 (including) |
| Cfengine | Gnu | 2.0.8-p1 (including) | 2.0.8-p1 (including) |
| Cfengine | Gnu | 2.1.0-a6 (including) | 2.1.0-a6 (including) |
| Cfengine | Gnu | 2.1.0-a8 (including) | 2.1.0-a8 (including) |
| Cfengine | Gnu | 2.1.0-a9 (including) | 2.1.0-a9 (including) |
| Cfengine | Gnu | 2.1.7-p1 (including) | 2.1.7-p1 (including) |