Mandrake Linux Security Advisory : cfengine (MDKSA-2000:061)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

The GNU cfengine is an abstract programming language for system
administrators of large heterogeneous networks, used for maintenance
and administration. There are a number of string format
vulnerabilities in syslog() calls that can be abused to either make
the cfengine program segfault and die or to execute arbitrary commands
as the user the cfengine program runs as (usually root). The problems
are fixed in this update and all Linux-Mandrake users are encouraged
to upgrade.

Solution :

Update the affected cfengine package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61848 ()

Bugtraq ID:

CVE ID: CVE-2000-0947

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now