Juan Pablo Martinez Kuhn has discovered two vulnerabilities in Cfengine, allowing malicious people to compromise the system or cause a DoS (Denial of Service).
The vulnerabilities are caused by insufficient input validation and a boundary error in the cfservd daemon when processing authentication requests. The problems lie in the "AuthenticationDialogue()" function, which is responsible for performing RSA authentication and key agreement.
This can be exploited to cause a heap-based buffer overflow and thereby execute arbitrary code.
The vulnerabilities reportedly affect Cfengine 2.0.0 to 2.1.7p1.