Rapid7 Vulnerability & Exploit Database

SuSE rpc.kstatd String Parsing Vulnerability

Back to Search

SuSE rpc.kstatd String Parsing Vulnerability

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
08/10/2000
Created
07/25/2018
Added
08/18/2008
Modified
04/01/2019

Description

SuSE 6.1-6.4 ships with a version of rpc.kstatd that contains unspecified string parsing errors that could allow remote attackers to gain root privileges.

Note that rpc.kstatd (usually simply called rpc.statd by other distributions) implements the RPC "status" service. It should not be confused with rpc.rstatd which implements the "rstatd" service. It is unclear whether this vulnerability is related or not to CVE-2000-0666.

Solution(s)

  • nfs-statd-suse-string-parsing-vuln

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;