Vulnerability Note VU#34043
rpc.statd vulnerable to remote root compromise via format string stack overwrite
The CERT/CC has begun receiving reports of an input validation vulnerability in the rpc.statd program being exploited. This program is included, and often installed by default, in several popular Linux distributions. Please see the vendors section of this document for specific information regarding affected distributions.
More information about this vulnerability is available at the following public URLs:
The rpc.statd program passes user-supplied data to the syslog() function as a format string. If there is no input validation of this string, a malicious user can inject machine code to be executed with the privileges of the rpc.statd process, typically root.
By exploiting this vulnerability, local or remote users may be able to execute arbitrary code with the privileges of the rpc.statd process, typically root.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|BSDI||Not Affected||-||10 Oct 2000|
|Caldera||Not Affected||-||10 Oct 2000|
|Compaq Computer Corporation||Not Affected||-||10 Oct 2000|
|FreeBSD||Not Affected||-||10 Oct 2000|
|HP||Not Affected||-||10 Oct 2000|
|NetBSD||Not Affected||-||10 Oct 2000|
|OpenBSD||Not Affected||-||10 Oct 2000|
|SCO||Not Affected||-||10 Oct 2000|
|SGI||Not Affected||-||10 Oct 2000|
|Sun||Not Affected||-||10 Oct 2000|
|Debian||Unknown||-||10 Oct 2000|
|RedHat||Unknown||-||10 Oct 2000|
CVSS Metrics (Learn More)
This document was written by John Shaffer and Brian King.
- CVE IDs: CVE-2000-0666
- CERT Advisory: CA-2000-17
- Date Public: 16 Jul 2000
- Date First Published: 30 Oct 2000
- Date Last Updated: 29 Nov 2000
- Document Revision: 8
If you have feedback, comments, or additional information about this vulnerability, please send us email.