GNU CFEngine AuthenticationDialogue Remote Heap Based Buffer Overrun Vulnerability

GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue() function.

The issue exists due to a lack of sufficient boundary checks performed on challenge data that is received from a client.

Because the size of the buffer, the size of data copied in a memcpy() operation, and the data copied are all controlled by the attacker, a remote attacker may likely exploit this condition to corrupt in-line heap based memory management data.

cfservd employs an IP based access control method. This access control must be bypassed prior to exploitation. This may hinder exploitation attempts.

This vulnerability is reported to affect versions 2.0.0 to 2.1.7p1 of cfengine cfservd.


Privacy Statement
Copyright 2010, SecurityFocus