Description
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
Affected products
- conectiva / linux4.0 – 4.0
- conectiva / linux4.0es – 4.0es
- conectiva / linux4.1 – 4.1
- conectiva / linux4.2 – 4.2
- conectiva / linux5.0 – 5.0
- conectiva / linux5.1 – 5.1
- Debian / debian_linux2.2 – 2.2
- Debian / debian_linux2.2 – 2.2
- Debian / debian_linux2.2 – 2.2
- Debian / debian_linux2.2 – 2.2
- Debian / debian_linux2.3 – 2.3
- Debian / debian_linux2.3 – 2.3
- Debian / debian_linux2.3 – 2.3
- Debian / debian_linux2.3 – 2.3
- RedHat / linux6.0 – 6.0
- RedHat / linux6.0 – 6.0
- RedHat / linux6.0 – 6.0
- RedHat / linux6.1 – 6.1
- RedHat / linux6.1 – 6.1
- RedHat / linux6.1 – 6.1
- RedHat / linux6.2 – 6.2
- RedHat / linux6.2 – 6.2
- RedHat / linux6.2 – 6.2
- SUSE / suse_linux6.3 – 6.3
- SUSE / suse_linux6.3 – 6.3
- SUSE / suse_linux6.3 – 6.3
- SUSE / suse_linux6.4 – 6.4
- SUSE / suse_linux6.4 – 6.4
- SUSE / suse_linux6.4 – 6.4
- SUSE / suse_linux7.0 – 7.0
- trustix / secure_linux1.0 – 1.0
- trustix / secure_linux1.1 – 1.1
References
- MISChttp://www.redhat.com/support/errata/RHSA-2000-043.html
- MISChttp://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html
- MISChttp://www.securityfocus.com/bid/1480
- MISChttp://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html
- MISChttp://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/4939
- VENDOR_ADVISORYhttp://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt
- VENDOR_ADVISORYhttp://www.cert.org/advisories/CA-2000-17.html
- MISChttp://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html