CVE-2000-0947

Опубликовано: 19 дек. 2000

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.

Ссылки

ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc
http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1
Patch
Vendor Advisory
http://www.securityfocus.com/bid/1757
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5630
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc
http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1
Patch
Vendor Advisory
http://www.securityfocus.com/bid/1757
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5630

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gnu:cfengine:1.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:1.5.3-4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:cfengine:1.6:a10:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00921

Низкий

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-32j9-px4f-v6vv

github

почти 4 года назад