| Vulnerability Name: | CVE-2000-0666 (CCN-4939) |
| Assigned: | 2000-07-15 |
| Published: | 2000-07-15 |
| Updated: | 2018-05-03 |
| Summary: | rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
|
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Changed
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
|
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2000-025.0
rpc.statd is not a problem on OpenLinux
Source: BUGTRAQ
Type: Exploit, Patch, Vendor Advisory
20000716 Lots and lots of fun with rpc.statd
Source: CCN
Type: BugTraq Mailing List, Sun Jul 16 2000 - 21:45:10 CDT
Lots and lots of fun with rpc.statd
Source: BUGTRAQ
Type: UNKNOWN
20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
Source: CCN
Type: Conectiva Linux Announcement CLSA-2000:250
nfs-utils: Remote root exploit
Source: BUGTRAQ
Type: UNKNOWN
20000718 Trustix Security Advisory - nfs-utils
Source: CCN
Type: BugTraq Mailing List, Tue Jul 18 2000 - 04:16:13 CDT
Trustix Security Advisory - nfs-utils
Source: CCN
Type: BugTraq Mailing List, Tue Jul 18 2000 - 10:10:50 CDT
[Paper] Format bugs.
Source: BUGTRAQ
Type: UNKNOWN
20000718 [Security Announce] MDKSA-2000:021 nfs-utils update
Source: CCN
Type: BugTraq Mailing List, Tue Jul 18 2000 - 20:43:19 CDT
Linux-Mandrake Security Update Advisory MDKSA-2000:021
Source: MITRE
Type: CNA
CVE-2000-0666
Source: MITRE
Type: CNA
CVE-2000-0800
Source: CCN
Type: RHSA-2000-043
Revised advisory: Updated package for nfs-utils available
Source: CALDERA
Type: UNKNOWN
CSSA-2000-025.0
Source: CCN
Type: CERT Advisory CA-2000-17
Input Validation Problem in rpc.statd
Source: CERT
Type: US Government Resource
CA-2000-17
Source: CCN
Type: CIAC Information Bulletin K-069
Input Validation Problem in rpc.statd
Source: DEBIAN
Type: Debian Security Advisory 20000719a
nfs-common (from nfs-utils)
Source: CCN
Type: US-CERT VU#34043
rpc.statd vulnerable to remote root compromise via format string stack overwrite
Source: CCN
Type: OSVDB ID: 443
Linux nfs-utils rpc.statd Remote Format String
Source: CCN
Type: OSVDB ID: 57715
Linux knfsd / linuxnfs rpc.kstatd Remote Format String
Source: REDHAT
Type: UNKNOWN
RHSA-2000:043
Source: BID
Type: Exploit, Patch, Vendor Advisory
1480
Source: CCN
Type: BID-1480
Multiple Linux Vendor rpc.statd Remote Format String Vulnerability
Source: CCN
Type: SuSE Security Announcement #58
knfsd, all versions
Source: XF
Type: UNKNOWN
linux-rpcstatd-format-overwrite(4939)
Source: XF
Type: UNKNOWN
linux-rpcstatd-format-overwrite(4939)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/o:conectiva:linux:4.0:*:*:*:*:*:*:*OR cpe:/o:conectiva:linux:4.0es:*:*:*:*:*:*:*OR cpe:/o:conectiva:linux:4.1:*:*:*:*:*:*:*OR cpe:/o:conectiva:linux:4.2:*:*:*:*:*:*:*OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*
Configuration 2:
cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*OR cpe:/o:debian:debian_linux:2.2:*:alpha:*:*:*:*:*OR cpe:/o:debian:debian_linux:2.2:*:powerpc:*:*:*:*:*OR cpe:/o:debian:debian_linux:2.2:*:sparc:*:*:*:*:*OR cpe:/o:debian:debian_linux:2.3:*:*:*:*:*:*:*OR cpe:/o:debian:debian_linux:2.3:*:alpha:*:*:*:*:*OR cpe:/o:debian:debian_linux:2.3:*:powerpc:*:*:*:*:*OR cpe:/o:debian:debian_linux:2.3:*:sparc:*:*:*:*:*OR cpe:/o:redhat:linux:6.0:*:alpha:*:*:*:*:*OR cpe:/o:redhat:linux:6.0:*:i386:*:*:*:*:*OR cpe:/o:redhat:linux:6.0:*:sparc:*:*:*:*:*OR cpe:/o:redhat:linux:6.1:*:alpha:*:*:*:*:*OR cpe:/o:redhat:linux:6.1:*:i386:*:*:*:*:*OR cpe:/o:redhat:linux:6.1:*:sparc:*:*:*:*:*OR cpe:/o:redhat:linux:6.2:*:alpha:*:*:*:*:*OR cpe:/o:redhat:linux:6.2:*:i386:*:*:*:*:*OR cpe:/o:redhat:linux:6.2:*:sparc:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*OR cpe:/o:trustix:secure_linux:1.0:*:*:*:*:*:*:*OR cpe:/o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/o:redhat:linux:6.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.2:*:*:*:*:*:*:*OR cpe:/o:redhat:linux:6.1:*:*:*:*:*:*:*OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*OR cpe:/o:debian:debian_linux:2.3:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.1:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*OR cpe:/a:connectiva:linux:-:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |