FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
ecea9e92-0be5-4931-88da-8772d044972a | mcollective -- cert valication issue
Melissa Stone reports:
The MCollective aes_security public key plugin does not correctly
validate certs against the CA. By exploiting this vulnerability
within a race/initialization window, an attacker with local access
could initiate an unauthorized MCollective client connection with a
server, and thus control the mcollective plugins running on that
server. This vulnerability requires a collective be configured to
use the aes_security plugin. Puppet Enterprise and open source
MCollective are not configured to use the plugin and are not
vulnerable by default.
Discovery 2014-07-09 Entry 2014-07-21 mcollective
< 2.5.3
CVE-2014-3251
https://groups.google.com/forum/#!topic/puppet-announce/cPykqUXMmK4
|