CVE-2000-0666 — Vulnetix

Try Vulnetix Request Demo

CVE-2000-0666 PUBLISHED CVSS 10 CRITICAL

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

EPSS 34.57% · 97.0th percentile

Risk Scores

CVSS v2.0

10

EPSS Score

34.57%

97.0th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
redhat	linux	6.0, 6.0, 6.0
debian	debian_linux	2.2, 2.3, 2.3
conectiva	linux	4.0, 4.0es, 4.1
suse	suse_linux	6.3, 6.4, 6.4
trustix	secure_linux	1.1, 1.0

Timeline

Jul 16, 2000 CVE Published
Sep 23, 2010 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

RHSA-2000:043 vendor-advisory
20000716 Lots and lots of fun with rpc.statd mailing-list
1480 vdb
20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils mailing-list
20000718 Trustix Security Advisory - nfs-utils mailing-list
linux-rpcstatd-format-overwrite(4939) vdb
CSSA-2000-025.0 vendor-advisory
CA-2000-17 third-party-advisory
20000718 [Security Announce] MDKSA-2000:021 nfs-utils update mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2000-0666 advisory

Open in Interactive Console →