CVE-2000-0666

Severity

99%

Complexity

99%

Confidentiality

165%

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 24 years ago

2000-07-16 04:00:00

Last updated 6 years ago

2018-05-03 01:29:00

Affected Software

Conectiva Conectiva Linux 4.0

4.0

Conectiva Conectiva Linux 4.0es

4.0es

Conectiva Conectiva Linux 4.1

4.1

Conectiva Conectiva Linux 4.2

4.2

Conectiva Conectiva Linux 5.0

5.0

Conectiva Conectiva Linux 5.1

5.1

Debian Debian Linux 2.2

2.2

Debian Debian Linux 2.3

2.3

SuSE SuSE Linux 6.3

6.3

SuSE SuSE Linux 6.3 alpha

6.3

SuSE SuSE Linux 6.4

6.4

SuSE SuSE Linux 6.4 alpha

6.4

SuSE SuSE Linux 7.0

7.0

Trustix Trustix Linux 1.0

1.0

Trustix Secure Linux 1.1

1.1

References

20000716 Lots and lots of fun with rpc.statd

Exploit, Patch, Vendor Advisory

20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils

20000718 Trustix Security Advisory - nfs-utils

20000718 [Security Announce] MDKSA-2000:021 nfs-utils update

CSSA-2000-025.0

CA-2000-17

US Government Resource

RHSA-2000:043

1480

Exploit, Patch, Vendor Advisory

linux-rpcstatd-format-overwrite(4939)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.