Mandrake Linux Security Advisory : cfengine (MDKSA-2000:061)
Critical Nessus Plugin ID 61848
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionThe GNU cfengine is an abstract programming language for system administrators of large heterogeneous networks, used for maintenance and administration. There are a number of string format vulnerabilities in syslog() calls that can be abused to either make the cfengine program segfault and die or to execute arbitrary commands as the user the cfengine program runs as (usually root). The problems are fixed in this update and all Linux-Mandrake users are encouraged to upgrade.
SolutionUpdate the affected cfengine package.