Test ID:	1.3.6.1.4.1.25623.1.0.14317
Category:	Gain a shell remotely
Title:	cfengine CFServD transaction packet buffer overrun vulnerability
Summary:	Cfengine is running on this remote host.;; This version is prone to a stack-based buffer overrun vulnerability.; An attacker, exploiting this flaw, would need network access to the; server as well as the ability to send a crafted transaction packet; to the cfservd process. A successful exploitation of this flaw; would lead to arbitrary code being executed on the remote machine; or a loss of service (DoS).
Description:	Summary: Cfengine is running on this remote host. This version is prone to a stack-based buffer overrun vulnerability. An attacker, exploiting this flaw, would need network access to the server as well as the ability to send a crafted transaction packet to the cfservd process. A successful exploitation of this flaw would lead to arbitrary code being executed on the remote machine or a loss of service (DoS). Solution: Upgrade to at least 1.5.3-4, 2.0.8 or most recent 2.1 version. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0849 Bugtraq: 20030925 Cfengine2 cfservd remote stack overflow (Google Search) http://marc.info/?l=bugtraq&m=106451047819552&w=2 Bugtraq: 20030928 cfengine2-2.0.3 remote exploit for redhat (Google Search) http://marc.info/?l=bugtraq&m=106485375218280&w=2 Bugtraq: 20031005 GLSA: cfengine (200310-02) (Google Search) http://marc.info/?l=bugtraq&m=106546086216984&w=2
Copyright	Copyright (C) 2004 David Maciejak

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.