Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in cfengine
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in cfengine
ID: 200310-2
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: Mo, 6. Oktober 2003, 13:00
Referenzen: Keine Angabe
Applikationen: cfengine

Originalnachricht

-------------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200310-2
-------------------------------------------------------------------------------
Package : cfengine
Summary : stack overflow in cfengine network code
Date : 2003-10-04 23:30 UTC
Exploit : remote
Versions Affected : < 2.0.8, 2.1.0a6-a9
Fixed Version : >= 2.0.8, >=2.1.0b1
Gentoo Bug ID : 28910
CVE : we are not aware of any at this time
-------------------------------------------------------------------------------

DESCRIPTION
===========

From the bugtraq posting:

"There is an exploitable stack overflow in the network I/O code used in the
cfservd daemon in Cfengine 2.x prior to version 2.0.8. Arbitrary code
execution has been demonstrated on x86 FreeBSD and is believed to be
possible on all platforms.

Cfengine 1 is not vulnerable, but downgrading is not recommended as version
1 is nolonger supported by the author."

Read the full advisory at:
http://packetstormsecurity.nl/0309-advisories/cfengine.txt


SOLUTION
========

It is recommended that all Gentoo Linux users who are using
net-misc/cfengine upgrade to a fixed version.

emerge sync
emerge -p cfengine
emerge cfengine
emerge clean

---------------------------------------------------------------------------
Kurt Lieber
klieber@gentoo.org

GPG Key is available at http://dev.gentoo.org/~klieber/klieber.gpg
---------------------------------------------------------------------------
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung