Summary
The host is running statd service and is prone to multiple remote format string vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code with the privileges of the rpc.statd process, typically root.
Impact Level: System/Application
Solution
Upgrade to latest of nfs-utils version 0.1.9.1 or later, For updates refer to http://sourceforge.net/projects/nfs/files/nfs-utils/
Insight
The flaws are due to errors in rpc.statd/kstatd daemons logging system. A call to syslog in the program takes data directly from the remote user, this data could include printf-style format specifiers.
References
Severity
Classification
-
CVE CVE-2000-0666, CVE-2000-0800 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities