Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2014-3251: MCollective: Privilege escalation

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Gentoo Linux: CVE-2014-3251: MCollective: Privilege escalation

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

08/12/2014

Created

07/25/2018

Added

10/30/2017

Modified

05/09/2019

Description

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.

Solution(s)

gentoo-linux-upgrade-app-admin-mcollective

References

https://attackerkb.com/topics/cve-2014-3251
CVE - 2014-3251
201412-15

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2014-3251: MCollective: Privilege escalation

Gentoo Linux: CVE-2014-3251: MCollective: Privilege escalation

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.