CVE-2003-0849

cfengine <2.0.8 - Buffer Overflow

Title source: llm

Description

Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.

Exploits (3)

exploitdb WORKING POC VERIFIED

by snooq · cremotelinux

https://www.exploit-db.com/exploits/23183

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by kokanin · perlremotebsd

https://www.exploit-db.com/exploits/105

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by jsk · cremotelinux

https://www.exploit-db.com/exploits/23182

View Code ZIP pw:eip

References (3)

[Mailing List] http://marc.info/?l=bugtraq&m=106451047819552&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=106485375218280&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=106546086216984&w=2

Scores

EPSS 0.0768

EPSS Percentile 91.9%

Details

Status published

Products (9)

gnu/cfengine 2.0.0

gnu/cfengine 2.0.1

gnu/cfengine 2.0.2

gnu/cfengine 2.0.3

gnu/cfengine 2.0.4

gnu/cfengine 2.0.5 (4 CPE variants)

gnu/cfengine 2.0.6

gnu/cfengine 2.0.7 (4 CPE variants)

gnu/cfengine 2.1.0 a6 (3 CPE variants)

Published Nov 17, 2003

Tracked Since Feb 18, 2026