Vulnerability Description
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Cfengine | 1.5 |
References
- ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.a
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
- http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1PatchVendor Advisory
- http://www.securityfocus.com/bid/1757PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5630
- ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.a
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
- http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1PatchVendor Advisory
- http://www.securityfocus.com/bid/1757PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5630
FAQ
What is CVE-2000-0947?
CVE-2000-0947 is a vulnerability with a CVSS score of 10.0 (HIGH). Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
How severe is CVE-2000-0947?
CVE-2000-0947 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0947?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Cfengine.