This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Gnu
Product : Cfengine
Version :
Type : Application
First view : 2000-12-19
Last view : 2005-10-05
Update :
Edition :
Language :
Software Edition :
Target Software :
Target Hardware :
Other :

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:gnu:cfengine:2.0.2:*:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.7:p1:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.4:*:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.3:*:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.1.0:a6:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.7:p3:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.5:b1:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.5:*:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.7:*:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.6:*:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.1:*:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.1.0:a9:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.1.0:a8:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.5:pre2:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.5:pre:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.0:*:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.7:p2:*:*:*:*:*:* 4
cpe:2.3:a:gnu:cfengine:2.0.8:p1:*:*:*:*:*:* 3
cpe:2.3:a:gnu:cfengine:2.0.8:*:*:*:*:*:*:* 3
cpe:2.3:a:gnu:cfengine:2.1.7:p1:*:*:*:*:*:* 3
cpe:2.3:a:gnu:cfengine:1.6.5:*:*:*:*:*:*:* 2
cpe:2.3:a:gnu:cfengine:1.5.3-4:*:*:*:*:*:*:* 2
cpe:2.3:a:gnu:cfengine:1.6:a10:*:*:*:*:*:* 2
cpe:2.3:a:gnu:cfengine:1.5:*:*:*:*:*:*:* 2
cpe:2.3:a:gnu:cfengine:2.1.8:*:*:*:*:*:*:* 1
cpe:2.3:a:gnu:cfengine:2.1.9:*:*:*:*:*:*:* 1
cpe:2.3:a:gnu:cfengine:2.1.16:*:*:*:*:*:*:* 1
cpe:2.3:a:gnu:cfengine:1.6:a11:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
2.1 2005-10-05 CVE-2005-3137

The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.

2.1 2005-10-05 CVE-2005-2960

cfengine 1.6.5 and 2.1.16 allow local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

5 2004-08-09 CVE-2004-1702

The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers a null dereference, which allows remote attackers to cause a denial of service (crash).

10 2004-08-09 CVE-2004-1701

Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.

7.5 2003-11-17 CVE-2003-0849

Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which are trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.

10 2000-12-19 CVE-2000-0947

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.

Open Source Vulnerability Database (OSVDB)

id Description
19820 Cfengine cfmailfilter Symlink Arbitrary File Overwrite
19819 Cfengine contrib/vicf.in Symlink Arbitrary File Overwrite
14664 Cfengine AuthenticationDialogue() Function Remote Overflow
8406 Cfengine AuthenticationDialogue() Function Remote DoS
2611 Cfengine cfservd ReceiveTransaction Function Remote Overflow
1590 Cfengine CAUTH Command Remote Format String

OpenVAS Exploits

id Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200408-08 (Cfengine)
File : nvt/glsa_200408_08.nasl
2008-09-04 Name : FreeBSD Ports: cfengine
File : nvt/freebsd_cfengine.nasl
2008-01-17 Name : Debian Security Advisory DSA 835-1 (cfengine)
File : nvt/deb_835_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 836-1 (cfengine2)
File : nvt/deb_836_1.nasl
2005-11-03 Name : cfengine AuthenticationDialogue vulnerability
File : nvt/cfengine_authdiag.nasl
2005-11-03 Name : cfengine format string vulnerability
File : nvt/cfengine_format_string_vuln.nasl
2005-11-03 Name : cfengine CFServD transaction packet buffer overrun vulnerability
File : nvt/cfengine_trans_packet_buff_overrun.nasl

Nessus® Vulnerability Scanner

id Description
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2000-061.nasl - Type: ACT_GATHER_INFO
2006-05-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_8688d5cd328c11daa2630001020eed82.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-198-1.nasl - Type: ACT_GATHER_INFO
2005-10-19 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-184.nasl - Type: ACT_GATHER_INFO
2005-10-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-835.nasl - Type: ACT_GATHER_INFO
2005-10-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-836.nasl - Type: ACT_GATHER_INFO
2004-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200408-08.nasl - Type: ACT_GATHER_INFO
2004-08-20 Name: The remote host is affected by a denial of service vulnerability. Cfengine is...
File: cfengine_authdiag.nasl - Type: ACT_GATHER_INFO
2004-08-20 Name: The remote host is affected by a remote command execution vulnerability.
File: cfengine_format_string_vuln.nasl - Type: ACT_GATHER_INFO
2004-08-20 Name: The remote host is affected by a remote buffer overflow vulnerability.
File: cfengine_trans_packet_buff_overrun.nasl - Type: ACT_GATHER_INFO
2003-10-16 Name: The remote host is affected by a remote buffer overflow vulnerability.
File: gnu_cfserv.nasl - Type: ACT_DESTRUCTIVE_ATTACK