Vulnerability Details : CVE-2004-1702
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).
Vulnerability category: Denial of service
Products affected by CVE-2004-1702
- cpe:2.3:a:gnu:cfengine:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.5:pre:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.5:pre2:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.1.0:a8:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.1.0:a9:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.5:b1:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.7:p3:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.1.0:a6:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.7:p1:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.7:p2:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.0.8:p1:*:*:*:*:*:*
- cpe:2.3:a:gnu:cfengine:2.1.7:p1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-1702
1.45%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-1702
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
References for CVE-2004-1702
-
http://security.gentoo.org/glsa/glsa-200408-08.xml
Exploit;Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/10900
Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/16937
-
http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10
Exploit;Patch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=109208394910086&w=2
Jump to