Vulnerabilities > CVE-2000-0947 - Unspecified vulnerability in GNU Cfengine 1.5/1.5.34/1.6
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Summary
Format string vulnerability in the cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command; the attacker-supplied string reaches syslog() as a format argument, so it can also crash the daemon.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Nessus
NASL family Gain a shell remotely NASL id CFENGINE_FORMAT_STRING_VULN.NASL description Cfengine is running on this remote host. Cfengine contains a component, cfd, which serves as a remote-configuration client to cfengine. This version of cfd contains several flaws in the way that it calls syslog(). As a result, trusted hosts and valid users (if access controls are not in place) can cause the vulnerable host to log malicious data which, when logged, can either crash the server or execute arbitrary code on the stack. In the latter case, the code would be executed as the 'root' user. last seen 2020-06-01 modified 2020-06-02 plugin id 14316 published 2004-08-20 reporter This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14316 title Cfengine CAUTH Command Remote Format String code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(14316); script_version("1.17"); script_cvs_date("Date: 2018/07/03 15:35:24"); script_cve_id("CVE-2000-0947"); script_bugtraq_id(1757); script_name(english:"Cfengine CAUTH Command Remote Format String"); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by a remote command execution vulnerability." ); script_set_attribute(attribute:"description", value: "Cfengine is running on this remote host. Cfengine contains a component, cfd, which serves as a remote-configuration client to cfengine. This version of cfd contains several flaws in the way that it calls syslog(). As a result, trusted hosts and valid users (if access controls are not in place) can cause the vulnerable host to log malicious data which, when logged, can either crash the server or execute arbitrary code on the stack. In the latter case, the code would be executed as the 'root' user." 
); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2328dff9" ); script_set_attribute(attribute:"solution", value: "Upgrade to 1.6.0a11 or newer" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/20"); script_set_attribute(attribute:"vuln_publication_date", value: "2000/10/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_summary(english:"check for cfengine flaw based on its version"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gain a shell remotely"); script_require_ports(5308); script_dependencies("cfengine_detect.nasl"); exit(0); } port = 5308; if ( ! get_kb_item("cfengine/running") ) exit(0); version = get_kb_item("cfengine/version"); if (version) { if (egrep(pattern:"^1\.([0-5]\..*|6\.0a([0-9]|10)[^0-9])", string:version)) security_hole(port); }
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2000-061.NASL description The GNU cfengine is an abstract programming language for system administrators of large heterogeneous networks, used for maintenance and administration. There are a number of string format vulnerabilities in syslog() calls that can be abused to either make the cfengine program segfault and die or to execute arbitrary commands as the user the cfengine program runs as (usually root). The problems are fixed in this update and all Linux-Mandrake users are encouraged to upgrade. last seen 2020-06-01 modified 2020-06-02 plugin id 61848 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61848 title Mandrake Linux Security Advisory : cfengine (MDKSA-2000:061) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2000:061. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(61848); script_version("1.5"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2000-0947"); script_xref(name:"MDKSA", value:"2000:061"); script_name(english:"Mandrake Linux Security Advisory : cfengine (MDKSA-2000:061)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "The GNU cfengine is an abstract programming language for system administrators of large heterogeneous networks, used for maintenance and administration. 
There are a number of string format vulnerabilities in syslog() calls that can be abused to either make the cfengine program segfault and die or to execute arbitrary commands as the user the cfengine program runs as (usually root). The problems are fixed in this update and all Linux-Mandrake users are encouraged to upgrade." ); script_set_attribute( attribute:"solution", value:"Update the affected cfengine package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cfengine"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1"); script_set_attribute(attribute:"patch_publication_date", value:"2000/10/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"cfengine-1.5.4-5mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); 
exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
- http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1
- http://www.securityfocus.com/bid/1757
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5630