GLSA-201412-15 : MCollective: Privilege escalation
Medium Nessus Plugin ID 79968
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201412-15 (MCollective: Privilege escalation)
Two vulnerabilities have been found in MCollective:
- An untrusted search path vulnerability exists in MCollective (CVE-2014-3248)
- MCollective does not properly validate server certificates (CVE-2014-3251)
Impact :
A local attacker can execute a Trojan horse shared library, potentially resulting in arbitrary code execution and privilege escalation. Furthermore, a local attacker may be able to establish unauthorized MCollective connections.
There is no known workaround at this time.
Solution
All MCollective users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-admin/mcollective-2.5.3'