Red Hat Bugzilla – Bug 149253
cfengine rsa heap remote exploit
Last modified: 2007-11-30 17:11:00 EST
Dunno if this is present in the cfengine package currently in extras, but
probably worth checking out:
(I'm not a cfengine user, just happened to notice this message on Bugtraq.)
At least the code in the given URL would seem to indicate that it's targeted against
2.1.7p1, and FC3 extras has 2.1.9p2. Also, here is what Mark Burgess (author of
cfengine) has written on their mailing list:
This is not enough information to go on. Where does this come from and
when did it appear? It appears to be old. (2.1.7). In that case it
refers to a bug that was patched in 2.1.8. More information please.
So are you still maintaining cfengine?
I am not currently using cfengine anywhere in real life and don't seem to have
a lot of free time, so if someone is interested in taking it on as his/her
responsibility, I don't have any objections to it.
The reason I checked this case was mostly professional curiosity, and I know
a couple of people who are using cfengine in their environments.
Fixed in 2.1.8.
Currently extras is providing 2.1.13, so this shouldn't be an issue.