CVE-2003-0849

Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=106546086216984&w=2
http://marc.info/?l=bugtraq&m=106451047819552&w=2
http://marc.info/?l=bugtraq&m=106485375218280&w=2

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:cfengine:2.0.0:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.5:pre::::::
	cpe:2.3:a:gnu:cfengine:2.0.5:pre2::::::
	cpe:2.3:a:gnu:cfengine:2.1.0:a8::::::
	cpe:2.3:a:gnu:cfengine:2.1.0:a9::::::
	cpe:2.3:a:gnu:cfengine:2.0.1:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.2:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.6:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.7:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.5:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.5:b1::::::
	cpe:2.3:a:gnu:cfengine:2.0.7:p1::::::
	cpe:2.3:a:gnu:cfengine:2.1.0:a6::::::
	cpe:2.3:a:gnu:cfengine:2.0.7:p2::::::
	cpe:2.3:a:gnu:cfengine:2.0.7:p3::::::
	cpe:2.3:a:gnu:cfengine:2.0.4:::::::*
	cpe:2.3:a:gnu:cfengine:2.0.3:::::::*

Information

Published : 2003-11-16 21:00

Updated : 2016-10-17 19:38

NVD link : CVE-2003-0849

Mitre link : CVE-2003-0849

JSON object : View

CWE

NVD-CWE-Other

Products Affected

gnu

cfengine

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://marc.info/?l=bugtraq&m=106546086216984&w=2", "name": "20031005 GLSA: cfengine (200310-02)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=106451047819552&w=2", "name": "20030925 Cfengine2 cfservd remote stack overflow", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=106485375218280&w=2", "name": "20030928 cfengine2-2.0.3 remote exploit for redhat", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0849", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2003-11-17T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.5:pre:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.5:pre2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.1.0:a8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.1.0:a9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.5:b1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.7:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.1.0:a6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.7:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.7:p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:cfengine:2.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-10-18T02:38Z"}

7.5 /10