Debian Security Advisory
rpc.statd -- remote root exploit
- Date Reported:
- 15 Jul 2000
- Affected Packages:
- nfs-common
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-0666.
- More information:
- The version of nfs-common distributed in the
not-yet-released Debian GNU/Linux 2.2 (a.k.a potato), as well as in the
unstable (woody) distribution, is vulnerable to a remote root compromise. No
exploit is known to exist in the wild, but the vulnerability has been verified.
Debian 2.1 (slink) did not include rpc.statd and is not vulnerable to
this exploit.
This has been fixed in version 0.1.9.1-1 of the nfs-common package. We recommend that you update nfs-common immediately if you are running Debian 2.2.
- Fixed in:
-
Debian 2.2 (potato):
- Source:
- http://http.us.debian.org/debian/dists/potato/main/source/net/nfs-utils_0.1.9.1-1.tar.gz
- http://http.us.debian.org/debian/dists/potato/main/source/net/nfs-utils_0.1.9.1-1.dsc
- alpha:
- http://http.us.debian.org/debian/dists/potato/main/binary-alpha/net/nfs-common_0.1.9.1-1.deb
- i386:
- http://http.us.debian.org/debian/dists/potato/main/binary-i386/net/nfs-common_0.1.9.1-1.deb
- powerpc:
- http://http.us.debian.org/debian/dists/potato/main/binary-powerpc/net/nfs-common_0.1.9.1-1.deb