|
Family: Gain a shell remotely --> Category: attack
rwhois format string attack (2) Vulnerability Scan
Vulnerability Scan Summary Acertains if rwhois is vulnerable to a format string attack
Detailed Explanation for this Vulnerability Test
The remote rwhois daemon is vulnerable to a format string
attack when supplied malformed arguments to a malformed request.
(such as %p%p%p)
A possible hacker may use this flaw to gain a shell on this host.
*** Note that Nessus solely relied on the banner version to
*** issue this warning. If you manually patched rwhoisd, you
*** may not be vulnerable to this flaw
Threat Level: High
Solution : Disable this service or upgrade to version 1.5.7.3 or newer
Click HERE for more information and discussions on this network vulnerability scan.
|