Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2000-0666 | First vendor Publication | 2000-07-16 |
Vendor | Cve | Last vendor Modification | 2018-05-03 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0666 |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-09-09 | Name : Nfs-utils rpc.statd Multiple Remote Format String Vulnerabilities File : nvt/secpod_nfs_rpc_statd_mult_format_string_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
443 | Linux nfs-utils rpc.statd Remote Format String The rpc.statd program contained in the nfs-utils package contains a flaw that may allow a malicious user to gain remote root access. The issue is triggered when raw user input is passed to the syslog() function. It is possible that the flaw may allow arbitrary code exectuion resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | STATD TCP monitor mon_name format string exploit attempt RuleID : 1916-community - Revision : 17 - Type : PROTOCOL-RPC |
2014-01-10 | STATD TCP monitor mon_name format string exploit attempt RuleID : 1916 - Revision : 17 - Type : PROTOCOL-RPC |
2014-01-10 | STATD UDP monitor mon_name format string exploit attempt RuleID : 1915-community - Revision : 19 - Type : PROTOCOL-RPC |
2014-01-10 | STATD UDP monitor mon_name format string exploit attempt RuleID : 1915 - Revision : 19 - Type : PROTOCOL-RPC |
2014-01-10 | STATD TCP stat mon_name format string exploit attempt RuleID : 1914-community - Revision : 18 - Type : PROTOCOL-RPC |
2014-01-10 | STATD TCP stat mon_name format string exploit attempt RuleID : 1914 - Revision : 18 - Type : PROTOCOL-RPC |
2014-01-10 | STATD UDP stat mon_name format string exploit attempt RuleID : 1913-community - Revision : 20 - Type : PROTOCOL-RPC |
2014-01-10 | STATD UDP stat mon_name format string exploit attempt RuleID : 1913 - Revision : 20 - Type : PROTOCOL-RPC |
2014-01-10 | status GHBN format string attack RuleID : 1891-community - Revision : 17 - Type : PROTOCOL-RPC |
2014-01-10 | status GHBN format string attack RuleID : 1891 - Revision : 17 - Type : PROTOCOL-RPC |
2014-01-10 | status GHBN format string attack RuleID : 1890-community - Revision : 18 - Type : PROTOCOL-RPC |
2014-01-10 | status GHBN format string attack RuleID : 1890 - Revision : 18 - Type : PROTOCOL-RPC |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-09-06 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2000-021.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The RedHat version have been identified. File : redhat_fixes.nasl - Type : ACT_GATHER_INFO |
2000-11-10 | Name : The remote service is vulnerable to a buffer overflow. File : statd_format_string.nasl - Type : ACT_MIXED_ATTACK |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:01:10 |
|
2021-04-22 01:01:23 |
|
2020-05-23 00:14:25 |
|
2018-05-03 09:19:24 |
|
2014-02-17 10:23:10 |
|
2014-01-19 21:21:09 |
|
2013-05-11 12:00:58 |
|