First published: Sun Jul 16 2000(Updated: )
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Conectiva Linux | =4.2 | |
Conectiva Linux | =4.1 | |
Conectiva Linux | =5.1 | |
Conectiva Linux | =4.0es | |
Conectiva Linux | =5.0 | |
Conectiva Linux | =4.0 | |
SUSE Linux | =6.3 | |
Debian Linux | =2.3 | |
Debian Linux | =2.2 | |
Debian Linux | =2.3 | |
Trustix Secure Linux | =1.1 | |
Debian Linux | =2.3 | |
Red Hat Linux | =6.1 | |
Debian Linux | =2.2 | |
Red Hat Linux | =6.2 | |
Red Hat Linux | =6.0 | |
Red Hat Linux | =6.1 | |
Red Hat Linux | =6.0 | |
Debian Linux | =2.2 | |
SUSE Linux | =6.3-alpha | |
Trustix Secure Linux | =1.0 | |
Red Hat Linux | =6.2 | |
SUSE Linux | =6.4 | |
Debian Linux | =2.2 | |
Red Hat Linux | =6.0 | |
SUSE Linux | =7.0 | |
SUSE Linux | =6.3 | |
Red Hat Linux | =6.1 | |
Red Hat Linux | =6.2 | |
SUSE Linux | =6.4 | |
SUSE Linux | =6.4-alpha | |
Debian Linux | =2.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2000-0666 is considered a high severity vulnerability due to its potential to allow remote attackers to gain root privileges.
To fix CVE-2000-0666, it is recommended to update the nfs-utils package to a version that addresses the format string vulnerabilities.
CVE-2000-0666 affects various Linux distributions, including Conectiva, Red Hat, Debian, and SUSE versions as detailed in its report.
CVE-2000-0666 primarily targets the rpc.statd component in the nfs-utils package.
It is strongly advised not to continue using a system vulnerable to CVE-2000-0666 without applying the necessary updates to mitigate the risk.