Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Gain root remotely --> Category: infos

cfengine format string vulnerability Vulnerability Scan

Vulnerability Scan Summary
check for cfengine flaw based on its version

Detailed Explanation for this Vulnerability Test

Cfengine is running on this remote host.

Cfengine contains a component, cfd, which serves as a remote-configuration
client to cfengine. This version of cfd contains several flaws in the
way that it calls syslog(). As a result, trusted hosts and valid users
(if access controls are not in place) can cause the vulnerable host to
log malicious data which, when logged, can either crash the server or
execute arbitrary code on the stack. In the latter case, the code would
be executed as the 'root' user.

Solution: Upgrade to 1.6.0a11 or newer

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.