| VID |
12033 |
| Severity |
40 |
| Port |
|
| Protocol |
UDP |
| Class |
RPC |
| Detailed Description |
The Linux rpc.statd/rpc.kstatd daemon is vulnerable to a format string attack. rpc.statd/rpc.kstatd is the NFS file-locking status monitor. Remote Procedure Call (RPC) statd maintains state information in cooperation with RPC lockd to provide crash and recovery functionality for file locking across the Network File System (NFS). Due to a flaw in the program's logging system, the rpc.statd/rpc.kstatd server that ships with most distributions of Linux could allow an attacker to execute code with root privileges. A call to syslog() in the program takes data directly from the remote user without any filtering; this data could include printf()-style format specifiers. By sending a specially crafted RPC message to vulnerable servers, an attacker could execute arbitrary code with root privileges.
* Warning: The rpc.statd daemon may be crashed by a format string test. Therefore, restarting the service is required in order to regain normal functionality.
* References: http://online.securityfocus.com/bid/1480 http://www.iss.net/security_center/static/4939.php
Platforms Affected: Conectiva Linux: All Versions, Debian Linux 2.2, Debian Linux 2.3, Mandrake Linux 7.0, Mandrake Linux 7.1, Red Hat Linux 6.0, Red Hat Linux 6.1, Red Hat Linux 6.2, SuSE Linux 6.1, SuSE Linux 6.2, SuSE Linux 6.3, SuSE Linux 6.4 |
| Recommendation |
Disable the 'rpc.statd' rpc service if your system is not acting as either an NFS client or server.
-- OR --
Apply the appropriate patch for your operating system.
For Linux-Mandrake: Upgrade to the latest version of nfs-utils (0.1.9.1 or later), as listed in Linux-Mandrake Security Update Advisory MDKSA-2000:021, http://online.securityfocus.com/archive/1/70701
For Red Hat Linux: Upgrade to the latest version of nfs-utils (0.1.9.1 or later), as listed in Red Hat, Inc. Security Advisory RHSA-2000:043-02, http://www.redhat.com/support/errata/RHSA-2000-043-03.html
For Conectiva Linux: Upgrade to the latest version of nfs-utils (0.1.9.1 or later), as listed in Conectiva Linux Security Announcement CLSA-2000:250, http://online.securityfocus.com/advisories/2456
For Debian Linux: Upgrade to the latest version of nfs-utils (0.1.9.1 or later), as listed in Debian Security Advisory 20000719a, http://www.debian.org/security/2000/20000719a
For Trustix Linux: Upgrade to the latest version of nfs-utils (0.1.9.1 or later), as listed in Trustix Security Advisory - nfs-utils, http://online.securityfocus.com/archive/1/70557
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL |
CVE-2000-0666 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
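The logging flaw described under Detailed Description, as an added example that is not code from nfs-utils or from this advisory: a flawed call that uses remote data as the format string, next to the corrected call with a constant format, plus a regression check a maintainer can run against a logging path. The names `log_to_buf`, `log_peer_flawed`, `log_peer_fixed` and `interprets_format` are hypothetical, and `log_to_buf` is an assumed stand-in for syslog() that writes to a buffer so the result can be inspected.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for syslog(): same printf()-style contract, but it
 * formats into a caller-supplied buffer so the result can be inspected. */
static int log_to_buf(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Flawed pattern: data from the remote peer is used as the format string. */
static int log_peer_flawed(char *out, size_t n, const char *peer_data)
{
    return log_to_buf(out, n, peer_data);
}

/* Corrected pattern: constant format, peer data passed only as an argument. */
static int log_peer_fixed(char *out, size_t n, const char *peer_data)
{
    return log_to_buf(out, n, "%s", peer_data);
}

typedef int (*peer_logger)(char *, size_t, const char *);

/* Regression check for a logging path: returns 1 if the logger interprets
 * its input as a format string, 0 if it records the input verbatim.
 * The constructed probe uses only "%%", which consumes no arguments, so the
 * check is well defined even against the flawed logger. */
static int interprets_format(peer_logger logger)
{
    const char *probe = "host%%name";   /* constructed sample input */
    char out[64];
    logger(out, sizeof out, probe);
    return strcmp(out, probe) != 0;
}

int main(void)
{
    printf("flawed logger interprets format: %d\n", interprets_format(log_peer_flawed));
    printf("fixed logger interprets format:  %d\n", interprets_format(log_peer_fixed));
    return 0;
}
```

Declaring such a wrapper with `__attribute__((format(printf, 3, 4)))` lets GCC and Clang report the flawed call at compile time under `-Wformat -Wformat-security`.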