OpenVMPS Logging Function Format String

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote host is running a service that is affected by a format
string vulnerability.

Description :

The remote host appears to be running OpenVMPS, an open source VLAN
Management Policy Server (VMPS).

There is a format string vulnerability in versions of OpenVMPS up to
and including 1.3 that may allow remote attackers to crash the server
or execute code on the affected host subject to the privileges under
which the server operates, possibly root.

Solution :

Use a firewall to filter access to the affected port.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.1
(CVSS2#E:F/RL:U/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 20067 ()

Bugtraq ID: 15072

CVE ID: CVE-2005-4714