This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Melissa Stone reports :
The MCollective aes_security public key plugin does not correctly
validate certs against the CA. By exploiting this vulnerability within
a race/initialization window, an attacker with local access could
initiate an unauthorized MCollective client connection with a server,
and thus control the mcollective plugins running on that server. This
vulnerability requires a collective be configured to use the
aes_security plugin. Puppet Enterprise and open source MCollective are
not configured to use the plugin and are not vulnerable by default.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 4.4