Upstream information

CVE-2000-0666 at MITRE

Description

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having critical severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 10
Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Note from the SUSE Security Team

This issue was fixed in the SUSE nfs-utils package on July 21st 2000. nfs-utils 0.1.9.1 or later and products released after this date are not affected by this issue.

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.