Debian Security Advisory

rpc.statd -- remote root exploit

Date Reported:
15 Jul 2000
Affected Packages:
nfs-common
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2000-0666.
More information:
The version of nfs-common distributed in the not-yet-released Debian GNU/Linux 2.2 (a.k.a. potato), as well as in the unstable (woody) distribution, is vulnerable to a remote root compromise. No exploit is known to exist in the wild, but the vulnerability has been verified. Debian 2.1 (slink) did not include rpc.statd and is not vulnerable to this exploit.

This has been fixed in version 0.1.9.1-1 of the nfs-common package. We recommend that you update nfs-common immediately if you are running Debian 2.2.

Fixed in:

Debian 2.2 (potato):

Source:
http://http.us.debian.org/debian/dists/potato/main/source/net/nfs-utils_0.1.9.1-1.tar.gz
http://http.us.debian.org/debian/dists/potato/main/source/net/nfs-utils_0.1.9.1-1.dsc
alpha:
http://http.us.debian.org/debian/dists/potato/main/binary-alpha/net/nfs-common_0.1.9.1-1.deb
i386:
http://http.us.debian.org/debian/dists/potato/main/binary-i386/net/nfs-common_0.1.9.1-1.deb
powerpc:
http://http.us.debian.org/debian/dists/potato/main/binary-powerpc/net/nfs-common_0.1.9.1-1.deb