rpc.statd access


rpc.statd: The NFS support program, rpc.statd can be exploited through a buffer overflow attack.


A remote intruder can execute commands as root if the buffer overflow attack is successful.

The problem

The rpc.statd program is a support program to NFS which supports file locking when requested. Older versions of statd are vulnerable to a buffer overflow attack where a well crafted pattern could execute arbitrary commands as the root user


Other tips

CVE Reference(s):