CVE-2004-1702

Name of the Vulnerable Software and Affected Versions Cfengine versions 2.0.0 through 2.1.7p1

Description The issue is related to the AuthenticationDialogue function in cfservd, which does not properly check the return value of the ReceiveTransaction function. This leads to a failed malloc call and triggers a null dereference, allowing remote attackers to cause a denial of service (crash). Additionally, there are multiple vulnerabilities in the cfengine package that can lead to violations of confidentiality, integrity, and availability of protected information, and these can be exploited remotely.

Recommendations For Cfengine versions 2.0.0 through 2.1.7p1, consider disabling the AuthenticationDialogue function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.