CVE-2000-0666 - Remote Format String vulnerability in Multiple Linux Vendor rpc.statd
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 6 |
OS | | 8 |
OS | | 9 |
OS | | 7 |
OS | | 2 |
Exploit-Db
- description: Conectiva 4.x/5.x,Debian 2.x,RedHat 6.x,S.u.S.E 6.x/7.0,Trustix 1.x rpc.statd Remote Format String (1). CVE-2000-0666. Remote exploit for linux platform
  - id: EDB-ID:20075
  - last seen: 2016-02-02
  - modified: 2000-07-16
  - published: 2000-07-16
  - reporter: drow
  - source: https://www.exploit-db.com/download/20075/
  - title: Conectiva 4.x/5.x,Debian 2.x,RedHat 6.x,S.u.S.E 6.x/7.0,Trustix 1.x rpc.statd Remote Format String 1
- description: Conectiva 4.x/5.x,Debian 2.x,RedHat 6.x,S.u.S.E 6.x/7.0,Trustix 1.x rpc.statd Remote Format String (2). CVE-2000-0666. Remote exploit for linux platform
  - id: EDB-ID:20076
  - last seen: 2016-02-02
  - modified: 2000-08-01
  - published: 2000-08-01
  - reporter: Doing
  - source: https://www.exploit-db.com/download/20076/
  - title: Conectiva 4.x/5.x,Debian 2.x,RedHat 6.x,S.u.S.E 6.x/7.0,Trustix 1.x rpc.statd Remote Format String 2
- description: Conectiva 4.x/5.x,Debian 2.x,RedHat 6.x,S.u.S.E 6.x/7.0,Trustix 1.x rpc.statd Remote Format String (3). CVE-2000-0666. Remote exploit for linux platform
  - id: EDB-ID:20077
  - last seen: 2016-02-02
  - modified: 2000-08-03
  - published: 2000-08-03
  - reporter: ron1n
  - source: https://www.exploit-db.com/download/20077/
  - title: Conectiva 4.x/5.x,Debian 2.x,RedHat 6.x,S.u.S.E 6.x/7.0,Trustix 1.x rpc.statd Remote Format String 3
Nessus
- NASL family: Mandriva Local Security Checks
  - NASL id: MANDRAKE_MDKSA-2000-021.NASL
  - description: A bug recently discovered in the nfs-utils package can theoretically be used for gaining remote root access. While there are currently no known exploits for this bug, we recommend upgrading to the latest version which fixes the bug.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 61819
  - published: 2012-09-06
  - reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/61819
  - title: Mandrake Linux Security Advisory : nfs-utils (MDKSA-2000:021)
- NASL family: RPC
  - NASL id: STATD_FORMAT_STRING.NASL
  - description: The remote statd service could be brought down with a format string attack - it now needs to be restarted manually. This means that an attacker may execute arbitrary code thanks to a bug in this daemon.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 10544
  - published: 2000-11-10
  - reporter: This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/10544
  - title: Linux Multiple statd Packages Remote Format String
- NASL family: Red Hat Local Security Checks
  - NASL id: REDHAT_FIXES.NASL
  - description: This plugin writes in the knowledge base the CVE ids that we know Red Hat enterprise Linux is not vulnerable to.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 12512
  - published: 2004-07-06
  - reporter: This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/12512
  - title: Red Hat Enterprise Linux fixes
References
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt
- http://www.cert.org/advisories/CA-2000-17.html
- http://www.redhat.com/support/errata/RHSA-2000-043.html
- http://www.securityfocus.com/bid/1480
- https://exchange.xforce.ibmcloud.com/vulnerabilities/4939