📄 cfengine_format_string_vuln.nasl
字号:
# This script was written by David Maciejak <david dot maciejak at kyxar dot fr>## GPL## Ref: Pekka Savola <pekkas@netcore.fi>if(description){ script_id(14316); script_bugtraq_id(1757); script_version ("$Revision: 38 $"); script_cve_id("CVE-2000-0947"); if ( defined_func("script_xref") ) script_xref(name:"OSVDB", value:"1590"); name["english"] = "cfengine format string vulnerability"; script_name(english:name["english"]); desc["english"] = "Cfengine is running on this remote host.Cfengine contains a component, cfd, which serves as a remote-configurationclient to cfengine. This version of cfd contains several flaws in theway that it calls syslog(). As a result, trusted hosts and valid users(if access controls are not in place) can cause the vulnerable host tolog malicious data which, when logged, can either crash the server orexecute arbitrary code on the stack. In the latter case, the code wouldbe executed as the 'root' user.Solution: Upgrade to 1.6.0a11 or newerRisk factor : High"; script_description(english:desc["english"]); summary["english"] = "check for cfengine flaw based on its version"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004 David Maciejak"); family["english"] = "Gain root remotely"; family["francais"] = "Passer root ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -