Family: Gain root remotely --> Category: infos
cfengine format string vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for the cfengine flaw based on its version.
Detailed Explanation for this Vulnerability Test
Cfengine is running on this remote host.
Cfengine contains a component, cfd, which serves as a remote-configuration
client to cfengine. This version of cfd contains several format string flaws
in the way that it calls syslog(). As a result, trusted hosts and valid users
(if access controls are not in place) can cause the vulnerable host to
log malicious data which, when logged, can either crash the server or
execute arbitrary code on the stack. In the latter case, the code would
be executed as the 'root' user.
Solution: Upgrade to 1.6.0a11 or newer
Threat Level: High