fkie_nvd - fkie_cve-2002-0666

fkie_cve-2002-0666

Vulnerability from fkie_nvd

Published

2002-11-04 05:00

Modified

2024-11-20 23:39

Severity ?

Summary

IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.

References

URL	Tags
cve@mitre.org	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc
cve@mitre.org	http://razor.bindview.com/publish/advisories/adv_ipsec.html	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2002/dsa-201
cve@mitre.org	http://www.iss.net/security_center/static/10411.php	Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/459371	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/6011
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc
af854a3a-2127-422b-91ae-364da2661108	http://razor.bindview.com/publish/advisories/adv_ipsec.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2002/dsa-201
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/10411.php	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/459371	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/6011

Impacted products

Vendor	Product	Version
frees_wan	frees_wan	1.9
frees_wan	frees_wan	1.9.1
frees_wan	frees_wan	1.9.2
frees_wan	frees_wan	1.9.3
frees_wan	frees_wan	1.9.4
frees_wan	frees_wan	1.9.5
frees_wan	frees_wan	1.9.6
apple	mac_os_x	10.2
apple	mac_os_x_server	10.2
freebsd	freebsd	4.6
freebsd	freebsd	4.6
freebsd	freebsd	4.6
netbsd	netbsd	1.5
netbsd	netbsd	1.5
netbsd	netbsd	1.5
netbsd	netbsd	1.5.1
netbsd	netbsd	1.5.2
netbsd	netbsd	1.5.3
netbsd	netbsd	1.6
global_technology_associates	gnat_box_firmware	3.1
global_technology_associates	gnat_box_firmware	3.2
global_technology_associates	gnat_box_firmware	3.3
nec	bluefire_ix1035_router	*
nec	ix1010	*
nec	ix1011	*
nec	ix1020	*
nec	ix1050	*
nec	ix2010	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:frees_wan:frees_wan:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A66D34B-9044-4F34-B367-55967EE92FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:frees_wan:frees_wan:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "907622BF-3B1E-4A89-A414-60DD0559463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:frees_wan:frees_wan:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "308CBFAA-D513-4593-81E8-4CC025E5853C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:frees_wan:frees_wan:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7711EC06-B983-4E8C-AC4A-24C3A5AD64AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:frees_wan:frees_wan:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29E5A0BA-BC40-4D53-8A34-D9E1D88C0453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:frees_wan:frees_wan:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEEA91E2-C599-4192-8BBC-A151A1D283A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:frees_wan:frees_wan:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10EA9F4-5878-4AFB-BAB6-B2C9728AF3DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCF4FB3-F781-46D5-BEE7-485B3DC78B83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AE033B-5F16-4262-A397-02D7450189B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C001822-FDF8-497C-AC2C-B59A00E9ACD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*",
              "matchCriteriaId": "118211EF-CED7-4EB5-9669-F54C8169D4AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*",
              "matchCriteriaId": "9A405AE2-ECC4-4BB0-80DD-4736394FB217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10D9BF9-FCC7-4680-AD3A-95757FC005EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:sh3:*:*:*:*:*",
              "matchCriteriaId": "52F2B17F-A169-402C-AA05-0DE5D805BAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:x86:*:*:*:*:*",
              "matchCriteriaId": "BD44E15F-D216-404F-8585-D278175C2A0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E8C3A4-9FA7-4F2A-8C65-D4404715E674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC78BA4-70F4-4B9F-93C2-B107E4DCC418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.6:beta:*:*:*:*:*:*",
              "matchCriteriaId": "9DDC444D-E763-4685-97F8-A027DF6F804D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:global_technology_associates:gnat_box_firmware:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD478B7E-83ED-47CD-AE00-705F2255E64C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:global_technology_associates:gnat_box_firmware:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC90C735-4002-40A3-B0C8-A684A5DF99A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:global_technology_associates:gnat_box_firmware:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "236F09EF-A0B5-465D-9041-D389AB3EAA97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:nec:bluefire_ix1035_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBB64A3D-0C14-441D-8A4E-E4EF94FA7A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:nec:ix1010:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7FB074-B218-408B-AA86-941824B1758B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:nec:ix1011:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D4FB687-87F6-47CC-95F8-EB4D4396184D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:nec:ix1020:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98BA9566-EE28-4025-A6DC-B7F81FC41BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:nec:ix1050:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4331351A-D97B-4874-8370-83A20E598E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:nec:ix2010:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C8AA729-DF24-4AA2-800C-1DFEF9E1EF18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors."
    },
    {
      "lang": "es",
      "value": "Implementaciones de IPSEC, incluyendo FreeS/WAN y KAME no calculan adecuadamente la longitud de los datos de autenticaci\u00f3n, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (kernel panic) mediante paquetes Encapsulating Security Payload (EPS) cortos falsificados, lo que resulta en errores de enteros sin signos."
    }
  ],
  "id": "CVE-2002-0666",
  "lastModified": "2024-11-20T23:39:35.740",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-11-04T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://razor.bindview.com/publish/advisories/adv_ipsec.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2002/dsa-201"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10411.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/459371"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://razor.bindview.com/publish/advisories/adv_ipsec.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2002/dsa-201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10411.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/459371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6011"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2002-0666

Vulnerability from cvelistv5

Published

2002-10-25 04:00

Modified

2024-08-08 02:56