Remote Code Execution via rpc.statd SM_MON and SM_NOTIFY Commands

Remote Code Execution via rpc.statd SM_MON and SM_NOTIFY Commands

CVE-1999-0493 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

Learn more about our Web Application Penetration Testing UK.