Family: Gain root remotely --> Category: denial
OpenVMPS Logging Format String Vulnerability Scan
Vulnerability Scan Summary
Checks for a format string vulnerability in OpenVMPS' logging
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host is running a service that is affected by a format
string vulnerability.
Description :
The remote host appears to be running OpenVMPS, an open-source VLAN
Management Policy Server (VMPS).
There is a format string vulnerability in versions of OpenVMPS up to
and including 1.3 that may allow remote attackers to crash the server
or execute code on the affected host subject to the rights under
which the server operates, possibly root.
See also :
http://mazahaquer.h0nest.org/PRIVOXY-FORCE/adv/0x6D48-001-openvmps.txt
Solution :
Use a firewall to filter access to the affected port.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)