CVE-2000-0947
GNU CFEngine - Remote Code Execution via CAUTH Command Format String
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
References (5)
Core References
Third Party Advisory (mailing-list, x_refsource_bugtraq): http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
Patch, Vendor Advisory (vendor-advisory, x_refsource_mandrake): http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1
Vendor Advisory (vendor-advisory, x_refsource_netbsd): ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/5630
Patch, Vendor Advisory (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/1757
Scores
EPSS: 0.0092
EPSS Percentile: 76.2%
Details
Status: published
Products (3)
gnu/cfengine 1.5
gnu/cfengine 1.5.3-4
gnu/cfengine 1.6 a10
Published: Dec 19, 2000
Tracked Since: Feb 18, 2026