FreeBSD : puppet-agent MCollective plugin -- Remote Code Execution vulnerability (df502a2f-61f6-11e6-a461-643150d3111d)
Medium Nessus Plugin ID 92963
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionPuppet reports :
Puppet Enterprise previously included a puppet-agent MCollective plugin that allowed you to pass the `--server` argument to MCollective. This insecure argument enabled remote code execution via connection to an untrusted host. The puppet-agent MCollective version included in PE 2016.2.1, this option is disabled by default.
SolutionUpdate the affected package.