CVE-2000-0666

Current Description

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

Basic Data

Published	July 16, 2000
Last Modified	May 03, 2018
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	NVD-CWE-Other
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	COMPLETE
CVSS 2 - Availability Impact	COMPLETE
CVSS 2 - Base Score	10.0
Severity	HIGH
Exploitability Score	10.0
Impact Score	10.0
Obtain All Privilege	true
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	OS	Conectiva	Linux	4.0	*	*	*	*	*	*	*
2.3	OS	Conectiva	Linux	4.0es	*	*	*	*	*	*	*
2.3	OS	Conectiva	Linux	4.1	*	*	*	*	*	*	*
2.3	OS	Conectiva	Linux	4.2	*	*	*	*	*	*	*
2.3	OS	Conectiva	Linux	5.0	*	*	*	*	*	*	*
2.3	OS	Conectiva	Linux	5.1	*	*	*	*	*	*	*

OR - Configuration 2

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	OS	Debian	Debian Linux	2.2	*	*	*	*	*	*	*
2.3	OS	Debian	Debian Linux	2.2	*	alpha	*	*	*	*	*
2.3	OS	Debian	Debian Linux	2.2	*	powerpc	*	*	*	*	*
2.3	OS	Debian	Debian Linux	2.2	*	sparc	*	*	*	*	*
2.3	OS	Debian	Debian Linux	2.3	*	*	*	*	*	*	*
2.3	OS	Debian	Debian Linux	2.3	*	alpha	*	*	*	*	*
2.3	OS	Debian	Debian Linux	2.3	*	powerpc	*	*	*	*	*
2.3	OS	Debian	Debian Linux	2.3	*	sparc	*	*	*	*	*
2.3	OS	Redhat	Linux	6.0	*	alpha	*	*	*	*	*
2.3	OS	Redhat	Linux	6.0	*	i386	*	*	*	*	*
2.3	OS	Redhat	Linux	6.0	*	sparc	*	*	*	*	*
2.3	OS	Redhat	Linux	6.1	*	alpha	*	*	*	*	*
2.3	OS	Redhat	Linux	6.1	*	i386	*	*	*	*	*
2.3	OS	Redhat	Linux	6.1	*	sparc	*	*	*	*	*
2.3	OS	Redhat	Linux	6.2	*	alpha	*	*	*	*	*
2.3	OS	Redhat	Linux	6.2	*	i386	*	*	*	*	*
2.3	OS	Redhat	Linux	6.2	*	sparc	*	*	*	*	*
2.3	OS	Suse	Suse Linux	6.3	*	*	*	*	*	*	*
2.3	OS	Suse	Suse Linux	6.3	*	ppc	*	*	*	*	*
2.3	OS	Suse	Suse Linux	6.3	alpha	*	*	*	*	*	*
2.3	OS	Suse	Suse Linux	6.4	*	*	*	*	*	*	*
2.3	OS	Suse	Suse Linux	6.4	*	ppc	*	*	*	*	*
2.3	OS	Suse	Suse Linux	6.4	alpha	*	*	*	*	*	*
2.3	OS	Suse	Suse Linux	7.0	*	*	*	*	*	*	*
2.3	OS	Trustix	Secure Linux	1.0	*	*	*	*	*	*	*
2.3	OS	Trustix	Secure Linux	1.1	*	*	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Debian	Debian Linux	2.2, 2.3
Redhat	Linux	6.0, 6.1, 6.2
Conectiva	Linux	4.0, 4.0es, 4.1, 4.2, 5.0, 5.1
Trustix	Secure Linux	1.0, 1.1
Suse	Suse Linux	6.3, 6.4, 7.0

References

Name	Source	URL	Tags
20000716 Lots and lots of fun with rpc.statd	http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html	BUGTRAQ	Exploit Patch Vendor Advisory
20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils	http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html	BUGTRAQ
20000718 Trustix Security Advisory - nfs-utils	http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html	BUGTRAQ
20000718 [Security Announce] MDKSA-2000:021 nfs-utils update	http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html	BUGTRAQ
CSSA-2000-025.0	http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt	CALDERA
CA-2000-17	http://www.cert.org/advisories/CA-2000-17.html	CERT	US Government Resource
RHSA-2000:043	http://www.redhat.com/support/errata/RHSA-2000-043.html	REDHAT
1480	http://www.securityfocus.com/bid/1480	BID	Exploit Patch Vendor Advisory
linux-rpcstatd-format-overwrite(4939)	https://exchange.xforce.ibmcloud.com/vulnerabilities/4939	XF