Re: CFengine

[Jeff Bachtel <sebastion () IRELANDMAIL COM>]

> From the cfengine documentation, the 5308 port should only be used as
a semaphore to call pre-created scripts on client cfengine machines.

I don't think anyone's audited the code, however, so it is still
possible there might be buffer overflows useable to overwrite the
stack/heap and execute arbitrary code.

jeff

On Tue, Aug 08, 2000 at 11:55:28AM -0400, Mike wrote:
> Hey.
>
> I am thinking of implementing Cfengine for managing configuration files,
> packages, and patches for our differet servers and locations.
>
> Anyone heard of any security flaws with CFengine via its TCP port 5308?
>
> -M