Mandrake Linux Security Advisory : cfengine (MDKSA-2000:061)

Critical Nessus Plugin ID 61848


The remote Mandrake Linux host is missing a security update.


The GNU cfengine is an abstract programming language for system administrators of large heterogeneous networks, used for maintenance and administration. There are a number of string format vulnerabilities in syslog() calls that can be abused to either make the cfengine program segfault and die or to execute arbitrary commands as the user the cfengine program runs as (usually root). The problems are fixed in this update and all Linux-Mandrake users are encouraged to upgrade.


Update the affected cfengine package.

Plugin Details

Severity: Critical

ID: 61848

File Name: mandrake_MDKSA-2000-061.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2012/09/06

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:cfengine, cpe:/o:mandrakesoft:mandrake_linux:7.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2000/10/12

Reference Information

CVE: CVE-2000-0947

MDKSA: 2000:061