CVE-2003-0849: Buffer Overflow
First published: Thu Oct 09 2003(Updated: )
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CFEngine | =2.0.0 | |
| CFEngine | =2.0.1 | |
| CFEngine | =2.0.2 | |
| CFEngine | =2.0.3 | |
| CFEngine | =2.0.4 | |
| CFEngine | =2.0.5 | |
| CFEngine | =2.0.5-b1 | |
| CFEngine | =2.0.5-pre | |
| CFEngine | =2.0.5-pre2 | |
| CFEngine | =2.0.6 | |
| CFEngine | =2.0.7 | |
| CFEngine | =2.0.7-p1 | |
| CFEngine | =2.0.7-p2 | |
| CFEngine | =2.0.7-p3 | |
| CFEngine | =2.1.0-a6 | |
| CFEngine | =2.1.0-a8 | |
| CFEngine | =2.1.0-a9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-0849?
CVE-2003-0849 is considered to have a critical severity level due to the potential for remote code execution.
How do I fix CVE-2003-0849?
To fix CVE-2003-0849, upgrade cfengine to version 2.0.8 or later, which addresses the buffer overflow vulnerability.
Which versions of GNU CFEngine are affected by CVE-2003-0849?
CVE-2003-0849 affects GNU CFEngine versions 2.0.0 through 2.0.7 and certain earlier versions.
What type of vulnerability is CVE-2003-0849?
CVE-2003-0849 is a buffer overflow vulnerability that can allow remote attackers to execute arbitrary code.
Can CVE-2003-0849 be exploited remotely?
Yes, CVE-2003-0849 can be exploited remotely via specially crafted packets.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/gnu
- product/cfengine
- canonical/gnu cfengine
- version/gnu cfengine/2.0.0
- version/gnu cfengine/2.0.1
- version/gnu cfengine/2.0.2
- version/gnu cfengine/2.0.3
- version/gnu cfengine/2.0.4
- version/gnu cfengine/2.0.5
- version/gnu cfengine/2.0.5-b1
- version/gnu cfengine/2.0.5-pre
- version/gnu cfengine/2.0.5-pre2
- version/gnu cfengine/2.0.6
- version/gnu cfengine/2.0.7
- version/gnu cfengine/2.0.7-p1
- version/gnu cfengine/2.0.7-p2
- version/gnu cfengine/2.0.7-p3
- version/gnu cfengine/2.1.0-a6
- version/gnu cfengine/2.1.0-a8
- version/gnu cfengine/2.1.0-a9