Bug#: 59895
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Description:   Opened: 2004-08-09 13:50 0000
Two vulnerabilities were found in cfservd, a daemon which acts as both a file
server and a remote cfagent executor. This daemon authenticates requests from
the network and processes them. If exploited, the first vulnerability allows an
attacker to execute arbitrary code with the privileges of root. The second
vulnerability allows an attacker to crash the server, denying service to
further requests.

------- Comment #1 From Sune Kloppenborg Jeppesen 2004-08-09 13:58:44 0000 -------
Kurt this is your baby.

------- Comment #2 From Sune Kloppenborg Jeppesen 2004-08-09 14:30:04 0000 -------
Bumping to 2.1.9 seems to work.

Security : GLSA drafted please review.

------- Comment #3 From Kurt Lieber 2004-08-09 17:16:08 0000 -------
Another URL that might be useful in drafting the GLSA:

http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10

Committed 2.1.9 directly to stable on x86 after testing it on my machine.  As soon as sparc stables it, we're good to go.

------- Comment #4 From Sune Kloppenborg Jeppesen 2004-08-10 03:30:34 0000 -------
Woops Kurt didn't CC sparc.

sparc please mark stable ASAP so the GLSA can go out.

------- Comment #5 From Jason Wever (RETIRED) 2004-08-10 06:34:50 0000 -------
sparc me amadeus

------- Comment #6 From Sune Kloppenborg Jeppesen 2004-08-12 09:13:50 0000 -------
woops closing for Kurt.

GLSA 200408-08
