Debian DSA-116-1 : cfs - buffer overflow

high Nessus Plugin ID 14953

Synopsis

The remote Debian host is missing a security-related update.

Description

Zorgon found several buffer overflows in cfsd, a daemon that pushes encryption services into the Unix(tm) file system. We are not yet sure if these overflows can successfully be exploited to gain root access to the machine running the CFS daemon. However, since cfsd can easily be forced to die, a malicious user can easily perform a denial of service attack to it.

Solution

Upgrade the cfs package immediately.

This problem has been fixed in version 1.3.3-8.1 for the stable Debian distribution and in version 1.4.1-5 for the testing and unstable distribution of Debian.

See Also

http://www.debian.org/security/2002/dsa-116

Plugin Details

Severity: High

ID: 14953

File Name: debian_DSA-116.nasl

Version: 1.20

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:cfs, cpe:/o:debian:debian_linux:2.2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 3/2/2002

Vulnerability Publication Date: 3/2/2002

Reference Information

CVE: CVE-2002-0351

DSA: 116