Gain a shell remotely : cfengine format string vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.14316

Categoría: Gain a shell remotely

Título: cfengine format string vulnerability

Resumen: Cfengine is running on this remote host.;; Cfengine contains a component, cfd, which serves as a remote-configuration; client to cfengine. This version of cfd contains several flaws in the; way that it calls syslog(). As a result, trusted hosts and valid users; (if access controls are not in place) can cause the vulnerable host to; log malicious data which, when logged, can either crash the server or; execute arbitrary code on the stack. In the latter case, the code would; be executed as the 'root' user.

Descripción: Summary:
Cfengine is running on this remote host.

Cfengine contains a component, cfd, which serves as a remote-configuration
client to cfengine. This version of cfd contains several flaws in the
way that it calls syslog(). As a result, trusted hosts and valid users
(if access controls are not in place) can cause the vulnerable host to
log malicious data which, when logged, can either crash the server or
execute arbitrary code on the stack. In the latter case, the code would
be executed as the 'root' user.

Solution:
Upgrade to 1.6.0a11 or newer

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2000-0947
BugTraq ID: 1757
http://www.securityfocus.com/bid/1757
Bugtraq: 20001002 Very probable remote root vulnerability in cfengine (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1
NETBSD Security Advisory: NetBSD-SA2000-013
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc
XForce ISS Database: cfengine-cfd-format-string(5630)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5630

Copyright Copyright (C) 2004 David Maciejak

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.14316
Categoría:	Gain a shell remotely
Título:	cfengine format string vulnerability
Resumen:	Cfengine is running on this remote host.;; Cfengine contains a component, cfd, which serves as a remote-configuration; client to cfengine. This version of cfd contains several flaws in the; way that it calls syslog(). As a result, trusted hosts and valid users; (if access controls are not in place) can cause the vulnerable host to; log malicious data which, when logged, can either crash the server or; execute arbitrary code on the stack. In the latter case, the code would; be executed as the 'root' user.
Descripción:	Summary: Cfengine is running on this remote host. Cfengine contains a component, cfd, which serves as a remote-configuration client to cfengine. This version of cfd contains several flaws in the way that it calls syslog(). As a result, trusted hosts and valid users (if access controls are not in place) can cause the vulnerable host to log malicious data which, when logged, can either crash the server or execute arbitrary code on the stack. In the latter case, the code would be executed as the 'root' user. Solution: Upgrade to 1.6.0a11 or newer CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2000-0947 BugTraq ID: 1757 http://www.securityfocus.com/bid/1757 Bugtraq: 20001002 Very probable remote root vulnerability in cfengine (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1 NETBSD Security Advisory: NetBSD-SA2000-013 ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc XForce ISS Database: cfengine-cfd-format-string(5630) https://exchange.xforce.ibmcloud.com/vulnerabilities/5630
Copyright	Copyright (C) 2004 David Maciejak