CVE-2000-0666

rpc.statd - Privilege Escalation

Title source: llm

Description

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

Exploits (3)

exploitdb WORKING POC VERIFIED

by ron1n · cremotelinux

https://www.exploit-db.com/exploits/20077

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Doing · cremotelinux

https://www.exploit-db.com/exploits/20076

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by drow · cremotelinux

https://www.exploit-db.com/exploits/20075

View Code ZIP pw:eip

References (9)

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2000-043.html

[Exploit, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/1480

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/4939

[Vendor Advisory] http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt

[US Government Resource] http://www.cert.org/advisories/CA-2000-17.html

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html

Scores

EPSS 0.3457

EPSS Percentile 97.0%

Details

Status published

Products (16)

conectiva/linux 4.0

conectiva/linux 4.0es

conectiva/linux 4.1

conectiva/linux 4.2

conectiva/linux 5.0

conectiva/linux 5.1

debian/debian_linux 2.2 (4 CPE variants)

debian/debian_linux 2.3 (4 CPE variants)

redhat/linux 6.0 (3 CPE variants)

redhat/linux 6.1 (3 CPE variants)

... and 6 more

Published Jul 16, 2000

Tracked Since Feb 18, 2026