Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0666

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2000-0666
Last Modified 05 Sep 2008 04:21:35
Published 16 Jul 2000 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0666

Summary

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

Vulnerable Systems

Operating System

  • Conectiva Linux 4.0

  • Conectiva Linux 4.0es

  • Conectiva Linux 4.1

  • Conectiva Linux 4.2

  • Conectiva Linux 5.0

  • Conectiva Linux 5.1

  • Debian Linux 2.2

  • Debian Linux 2.3

  • Redhat Linux 6.0

  • Redhat Linux 6.1

  • Redhat Linux 6.2

  • Suse Linux 6.3

  • Suse Linux 6.4

  • Suse Linux 7.0

  • Trustix Secure Linux 1.0

  • Trustix Secure Linux 1.1


References

CERT - CA-2000-17

XF - linux-rpcstatd-format-overwrite

BID - 1480

BUGTRAQ - 20000716 Lots and lots of fun with rpc.statd

REDHAT - RHSA-2000:043

CALDERA - CSSA-2000-025.0

BUGTRAQ - 20000718 [Security Announce] MDKSA-2000:021 nfs-utils update

BUGTRAQ - 20000718 Trustix Security Advisory - nfs-utils

BUGTRAQ - 20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils


Last Updated: 27 May 2016 10:35:49