drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in cfengine
Name: |
Pufferüberlauf in cfengine |
|
ID: |
200310-2 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Mo, 6. Oktober 2003, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
CFEngine |
|
Originalnachricht |
------------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200310-2 ------------------------------------------------------------------------------- Package : cfengine Summary : stack overflow in cfengine network code Date : 2003-10-04 23:30 UTC Exploit : remote Versions Affected : < 2.0.8, 2.1.0a6-a9 Fixed Version : >= 2.0.8, >=2.1.0b1 Gentoo Bug ID : 28910 CVE : we are not aware of any at this time -------------------------------------------------------------------------------
DESCRIPTION ===========
From the bugtraq posting:
"There is an exploitable stack overflow in the network I/O code used in the cfservd daemon in Cfengine 2.x prior to version 2.0.8. Arbitrary code execution has been demonstrated on x86 FreeBSD and is believed to be possible on all platforms.
Cfengine 1 is not vulnerable, but downgrading is not recommended as version 1 is nolonger supported by the author."
Read the full advisory at: http://packetstormsecurity.nl/0309-advisories/cfengine.txt
SOLUTION ========
It is recommended that all Gentoo Linux users who are using net-misc/cfengine upgrade to a fixed version.
emerge sync emerge -p cfengine emerge cfengine emerge clean
--------------------------------------------------------------------------- Kurt Lieber klieber@gentoo.org
GPG Key is available at http://dev.gentoo.org/~klieber/klieber.gpg ---------------------------------------------------------------------------
|
|
|
|