GNU cfengine security advisory

33

Author: JT Smith

LWN.net has posted an advisory about GNU cfengine: “GNU cfengine is an abstract programming language for system
administrators of large heterogeneous networks, used for maintenance
and administration. Pekka Savola has found several
format string vulnerabilities in syslog() calls that can be abused to
either make the cfengine program to segfault and die or to execute
arbitrary commands as the user the cfengine process runs as (usually
root).”

Category:

  • Linux