CVE Vulnerabilities

CVE-2004-1702

Published: Aug 09, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).

Affected Software

Name Vendor Start Version End Version
Cfengine Gnu 2.0.0 (including) 2.0.0 (including)
Cfengine Gnu 2.0.1 (including) 2.0.1 (including)
Cfengine Gnu 2.0.2 (including) 2.0.2 (including)
Cfengine Gnu 2.0.3 (including) 2.0.3 (including)
Cfengine Gnu 2.0.4 (including) 2.0.4 (including)
Cfengine Gnu 2.0.5 (including) 2.0.5 (including)
Cfengine Gnu 2.0.5-b1 (including) 2.0.5-b1 (including)
Cfengine Gnu 2.0.5-pre (including) 2.0.5-pre (including)
Cfengine Gnu 2.0.5-pre2 (including) 2.0.5-pre2 (including)
Cfengine Gnu 2.0.6 (including) 2.0.6 (including)
Cfengine Gnu 2.0.7 (including) 2.0.7 (including)
Cfengine Gnu 2.0.7-p1 (including) 2.0.7-p1 (including)
Cfengine Gnu 2.0.7-p2 (including) 2.0.7-p2 (including)
Cfengine Gnu 2.0.7-p3 (including) 2.0.7-p3 (including)
Cfengine Gnu 2.0.8 (including) 2.0.8 (including)
Cfengine Gnu 2.0.8-p1 (including) 2.0.8-p1 (including)
Cfengine Gnu 2.1.0-a6 (including) 2.1.0-a6 (including)
Cfengine Gnu 2.1.0-a8 (including) 2.1.0-a8 (including)
Cfengine Gnu 2.1.0-a9 (including) 2.1.0-a9 (including)
Cfengine Gnu 2.1.7-p1 (including) 2.1.7-p1 (including)

References