Vulnerability Description
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Cfengine | 2.0.0 |
References
- http://marc.info/?l=bugtraq&m=106451047819552&w=2
- http://marc.info/?l=bugtraq&m=106485375218280&w=2
- http://marc.info/?l=bugtraq&m=106546086216984&w=2
- http://marc.info/?l=bugtraq&m=106451047819552&w=2
- http://marc.info/?l=bugtraq&m=106485375218280&w=2
- http://marc.info/?l=bugtraq&m=106546086216984&w=2
FAQ
What is CVE-2003-0849?
CVE-2003-0849 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction fun...
How severe is CVE-2003-0849?
CVE-2003-0849 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0849?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Cfengine.