CVE-2004-1701

Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=109208394910086&w=2
http://marc.info/?l=bugtraq&m=110886670528775&w=2
http://secunia.com/advisories/12251	Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200408-08.xml	Exploit Patch Vendor Advisory
http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10	Exploit Patch Vendor Advisory
http://www.securityfocus.com/bid/10899	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16935

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:cfengine:2.0.0:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.1:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.2:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.3:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.4:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.5:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.5:b1::::::
	cpe:2.3:a:gnu:cfengine:2.0.5:pre::::::
	cpe:2.3:a:gnu:cfengine:2.0.5:pre2::::::
	cpe:2.3:a:gnu:cfengine:2.0.6:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.7:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.7:p1::::::
	cpe:2.3:a:gnu:cfengine:2.0.7:p2::::::
	cpe:2.3:a:gnu:cfengine:2.0.7:p3::::::
	cpe:2.3:a:gnu:cfengine:2.0.8:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.8:p1::::::
	cpe:2.3:a:gnu:cfengine:2.1.0:a6::::::
	cpe:2.3:a:gnu:cfengine:2.1.0:a8::::::
	cpe:2.3:a:gnu:cfengine:2.1.0:a9::::::
	cpe:2.3:a:gnu:cfengine:2.1.7:p1::::::

History

No history.

Information

Published : 2004-08-09 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2004-1701

Mitre link : CVE-2004-1701

CVE.ORG link : CVE-2004-1701

JSON object : View

Products Affected

gnu

cfengine

CWE

NVD-CWE-Other

{"id": "CVE-2004-1701", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-08-09T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=109208394910086&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=110886670528775&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/12251", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200408-08.xml", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10899", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16935", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication."}], "lastModified": "2017-07-11T01:31:16.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:cfengine:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E712F24-407C-451F-9DB4-09579B50F85B"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3AE934D-08E5-42C7-B4C1-C9B0C8881B3E"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD09E7B0-CA9F-49FC-BB8B-54CDB3230C98"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC2CD9C4-C206-4C43-B519-6E791187E2DE"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D38FC40B-AC0A-4DD6-9964-3E8D57EC5F19"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B4445F7-307B-4653-A0E4-0AE513218980"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.5:b1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4EC7DFB-CBB8-457F-94A0-1DBB833F5F71"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.5:pre:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B6729F6-B94B-4897-BEF5-C3A10A18D085"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.5:pre2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CF801CA-BED6-43CA-8EA1-522365F2AA57"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "455F26C8-CFDD-4C9C-8482-8D53614B1143"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61A3C108-D79A-4465-8F4D-317AD84098AA"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.7:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D21D57EA-DF58-429B-9FBE-F0080085B62E"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.7:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E622AEA-F5B4-4BA3-B9F0-2E7C4D121411"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.7:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D23A118C-59A6-44AB-A772-ED0037C95B53"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EC61324-5640-48E4-B3E3-0006FC90770E"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.0.8:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFC8CA7A-AB4C-4A04-B290-43A5E2B7B9E4"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.1.0:a6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CD529EF-93DF-441E-968B-32BAF48A9913"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.1.0:a8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BAB0408-08BD-4DCE-BA56-C60AD845E705"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.1.0:a9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F78851E3-1E2B-45DB-8B4A-F8E1BDE2E057"}, {"criteria": "cpe:2.3:a:gnu:cfengine:2.1.7:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "546496E5-38B1-4E01-A8AB-C32DD7FDC59E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}