cfengine < 2.0.8 seems to be vulnerable to a remote root exploit. Port sysutils/cfengine2 has version 2.0.3; the port is part of the upcoming 4.9 release. The FreeBSD Security Officer Team was notified on September 30th, 2003.

Fix: PR 56710 has an update to version 2.0.8p1, which is not vulnerable. Otherwise the port should be marked forbidden until it is upgraded.

How-To-Repeat:

Advisories:
http://www.securityfocus.com/archive/1/339083
http://packetstormsecurity.nl/0309-advisories/cfengine.txt
http://www.securityfocus.com/bid/8699/
http://mail.gnu.org/archive/html/bug-cfengine/2003-08/msg00014.html

Exploit:
http://www.securityfocus.com/archive/1/339492 (Red Hat)

Responsible Changed From-To: freebsd-ports-bugs->fanf
Over to maintainer

The port has been marked as forbidden in 4.9:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/sysutils/cfengine2/Makefile.diff?r1=1.26&r2=1.27
This PR can be closed.

Responsible Changed From-To: fanf->freebsd-ports-bugs
Port maintainer was reset

State Changed From-To: open->closed
Committed, Thanks

State Changed From-To: open->closed
Closed by PR: 56710