
Test ID: 1.3.6.1.4.1.25623.1.0.14316
Category: Gain a shell remotely
Title: cfengine format string vulnerability
Description:
Summary:
Cfengine is running on this remote host.

Cfengine contains a component, cfd, which serves as a remote-configuration
client to cfengine. This version of cfd contains several flaws in the
way that it calls syslog(). As a result, trusted hosts and valid users
(if access controls are not in place) can cause the vulnerable host to
log malicious data which, when logged, can either crash the server or
execute arbitrary code on the stack. In the latter case, the code would
be executed as the 'root' user.

Solution:
Upgrade to 1.6.0a11 or newer

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-reference: BugTraq ID: 1757
Common Vulnerability Exposure (CVE) ID: CVE-2000-0947
http://www.securityfocus.com/bid/1757
Bugtraq: 20001002 Very probable remote root vulnerability in cfengine (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1
NETBSD Security Advisory: NetBSD-SA2000-013
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc
XForce ISS Database: cfengine-cfd-format-string(5630)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5630
Copyright: This script is Copyright (C) 2004 David Maciejak
