VDB

GCVE-VVD-CERTCC-2000-34043

GCVE-VVD-CERTCC-2000-34043
Advisory Published
Vulnetix · Advisory published July 16, 2000
The CERT/CC has begun receiving reports of an input validation vulnerability in the rpc.statd program being exploited. This program is included, and often installed by default, in several popular Linux distributions. Please see the vendors section of this document for specific information regarding affected distributions. More information about this vulnerability is available at the following public URLs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0666 http://www.securityfocus.com/bid/1480 The rpc.statd program passes user-supplied data to the syslog() function as a format string. If there is no input validation of this string, a malicious user can inject machine code to be executed with the privileges of the rpc.statd process, typically root.
Download JSON Open in Console

Risk Scores

certcc-cam
certcc-cam
impact19population15exploitation20widely_known20score_current92.98125ease_of_exploitation15

Aliases

CVE-2000-0666

Transitive aliases

BDU:2015-07894GHSA-jc43-58xv-97mpGSD-2000-0666

References

rpc.statd vulnerable to remote root compromise via format string stack overwrite
url
rpc.statd vulnerable to remote root compromise via format string stack overwrite
url
rpc.statd vulnerable to remote root compromise via format string stack overwrite
advisory
rpc.statd vulnerable to remote root compromise via format string stack overwrite
advisory
rpc.statd vulnerable to remote root compromise via format string stack overwrite
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›