Upstream information
Description
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having critical severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 10 |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Note from the SUSE Security Team
This issue was fixed in the SUSE nfs-utils package on July 21st 2000. nfs-utils 0.1.9.1 or later and products released after this date are not affected by this issue. No SUSE Bugzilla entries cross referenced. No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Thu Jun 27 23:42:02 2013CVE page last modified: Fri Oct 7 12:45:21 2022