

GLSA: cfengine (200310-02)


Date: Sun, 5 Oct 2003 12:24:45 -0400
From: Kurt Lieber <klieber@gentoo.org>
To: bugtraq@securityfocus.com
Subject: GLSA: cfengine (200310-02)

-------------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200310-02
-------------------------------------------------------------------------------
          Package : cfengine
          Summary : stack overflow in cfengine network code
             Date : 2003-10-04 23:30 UTC
          Exploit : remote
Versions Affected : < 2.0.8, 2.1.0a6-a9
    Fixed Version : >= 2.0.8, >=2.1.0b1
    Gentoo Bug ID : 28910
              CVE : we are not aware of any at this time
-------------------------------------------------------------------------------

DESCRIPTION
===========

From the bugtraq posting:

"There is an exploitable stack overflow in the network I/O code used in the
cfservd daemon in Cfengine 2.x prior to version 2.0.8.  Arbitrary code
execution has been demonstrated on x86 FreeBSD and is believed to be possible
on all platforms.

Cfengine 1 is not vulnerable, but downgrading is not recommended as version 1
is no longer supported by the author."

Read the full advisory at:
http://packetstormsecurity.nl/0309-advisories/cfengine.txt


SOLUTION
========

It is recommended that all Gentoo Linux users who are using net-misc/cfengine
upgrade to a fixed version.

emerge sync
emerge -p cfengine
emerge cfengine
emerge clean

-------------------------------------------------------------------------------
Kurt Lieber
klieber@gentoo.org

GPG Key is available at http://dev.gentoo.org/~klieber/klieber.gpg
-------------------------------------------------------------------------------

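
An added example, not part of the Gentoo advisory: a shell function that classifies an upstream cfengine version string against the "Versions Affected" and "Fixed Version" ranges in the announcement above. The function name, the "unlisted" label and the sample versions are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an upstream cfengine
# version string against the ranges given in GLSA 200310-02.
# Prints one of: affected | fixed | not-vulnerable | unlisted
# "unlisted" is this example's own label for versions the advisory does
# not mention (for instance 2.1.0a1 to 2.1.0a5); review those by hand.
classify_cfengine() {
    v=$1
    case $v in
        1|1.*) echo not-vulnerable; return 0 ;;  # "Cfengine 1 is not vulnerable"
        2.*)   ;;
        *)     echo unlisted; return 0 ;;
    esac
    rest=${v#2.}                      # "0.7" or "1.0a6"
    minor=${rest%%.*}
    tail=${rest#*.}
    if [ "$tail" = "$rest" ]; then    # "2.0" has no patch component
        tail=0
    fi
    patch=${tail%%[!0-9]*}            # leading digits of the last component
    suffix=${tail#"$patch"}           # "", "a6", "b1", ...
    case $minor in ''|*[!0-9]*) echo unlisted; return 0 ;; esac
    case $patch in '')          echo unlisted; return 0 ;; esac

    if [ "$minor" -eq 0 ]; then
        # 2.0 branch: everything before 2.0.8 is affected.
        if [ "$patch" -lt 8 ]; then echo affected; else echo fixed; fi
    elif [ "$minor" -eq 1 ] && [ "$patch" -eq 0 ]; then
        case $suffix in
            a[6-9])     echo affected ;;  # 2.1.0a6 to 2.1.0a9
            ''|b[1-9]*) echo fixed ;;     # 2.1.0b1 and later, incl. 2.1.0 final
            *)          echo unlisted ;;  # other alphas or unknown suffixes
        esac
    else
        echo fixed                        # 2.1.1 and later sort after 2.1.0b1
    fi
}

# Constructed sample versions, not taken from any real host.
for v in 1.6.3 2.0.7 2.0.8 2.1.0a5 2.1.0a9 2.1.0b1; do
    printf '%s\t%s\n' "$v" "$(classify_cfengine "$v")"
done
```

The function expects upstream-style version strings such as 2.1.0a9; a package manager's own version spelling would need to be mapped to that form first.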
