CVE-2000-0947

3 documents3 sources

Severity

10.0CRITICAL

EPSS

0.9%

top 24.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Cfengine

Timeline

PublishedDec 19

Latest updateMay 3

Description

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDgnu/cfengine1.5, 1.5.3-4, 1.6+2

Patches

Patch: www.linux-mandrake.com ↗Patch: www.securityfocus.com ↗Patch: www.linux-mandrake.com ↗

🔴Vulnerability Details

GHSA

GHSA-32j9-px4f-v6vv: Format string vulnerability in cfd daemon in GNU CFEngine before 1↗2022-05-03

▶

CVEList

CVE-2000-0947: Format string vulnerability in cfd daemon in GNU CFEngine before 1↗2001-01-22

▶