var-200005-0080
Vulnerability from variot
Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands. A buffer overflow exists in the version of Mattel's Cyber Patrol software integrated in to Network Associates Gauntlet firewall, versions 4.1, 4.2, 5.0 and 5.5. Due to the manner in which Cyber Patrol was integrated, a vulnerability was introduced which could allow a remote attacker to gain root access on the firewall, or execute arbitrary commands on the firewall. By default, Cyber Patrol is installed on Gauntlet installations, and runs for 30 days. After that period, it is disabled. During this 30 day period, the firewall is susceptible to attack,. Due to the filtering software being externally accessible, users not on the internal network may also be able to exploit the vulnerability. Some versions of SGI IRIX shipped with the Gauntlet Firewall package, and in the past it was a supported SGI product. While it is no longer being supported, SGI IRIX versions 6.5.2, 6.5.3, 6.5.4 and 6.5.5 may be prone to this issue
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200005-0080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gauntlet firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "network associates",
"version": "5.0"
},
{
"model": "webshield e-ppliance",
"scope": "eq",
"trust": 1.6,
"vendor": "network associates",
"version": "100.0"
},
{
"model": "webshield",
"scope": "eq",
"trust": 1.6,
"vendor": "network associates",
"version": "4.0"
},
{
"model": "gauntlet firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "network associates",
"version": "5.5"
},
{
"model": "gauntlet firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "network associates",
"version": "4.2"
},
{
"model": "webshield e-ppliance",
"scope": "eq",
"trust": 1.6,
"vendor": "network associates",
"version": "300.0"
},
{
"model": "gauntlet firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "network associates",
"version": "4.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.5"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.4"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.2"
},
{
"model": "associates webshield for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "4.0"
},
{
"model": "associates webshield e-ppliance",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "300.0"
},
{
"model": "associates webshield e-ppliance",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "100.0"
},
{
"model": "associates gauntlet firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "5.5"
},
{
"model": "associates gauntlet firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "5.0"
},
{
"model": "associates gauntlet firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "4.2"
},
{
"model": "associates gauntlet firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "4.1"
}
],
"sources": [
{
"db": "BID",
"id": "1234"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-073"
},
{
"db": "NVD",
"id": "CVE-2000-0437"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was discovered by Jim Stickley, with Garrison Technologies, and was reported to SecurityFocus.com on May 19, 2000.",
"sources": [
{
"db": "BID",
"id": "1234"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-073"
}
],
"trust": 0.9
},
"cve": "CVE-2000-0437",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2000-0437",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-2016",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2000-0437",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200005-073",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-2016",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2016"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-073"
},
{
"db": "NVD",
"id": "CVE-2000-0437"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the CyberPatrol daemon \"cyberdaemon\" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands. A buffer overflow exists in the version of Mattel\u0027s Cyber Patrol software integrated in to Network Associates Gauntlet firewall, versions 4.1, 4.2, 5.0 and 5.5. Due to the manner in which Cyber Patrol was integrated, a vulnerability was introduced which could allow a remote attacker to gain root access on the firewall, or execute arbitrary commands on the firewall. \nBy default, Cyber Patrol is installed on Gauntlet installations, and runs for 30 days. After that period, it is disabled. During this 30 day period, the firewall is susceptible to attack,. Due to the filtering software being externally accessible, users not on the internal network may also be able to exploit the vulnerability. \nSome versions of SGI IRIX shipped with the Gauntlet Firewall package, and in the past it was a supported SGI product. While it is no longer being supported, SGI IRIX versions 6.5.2, 6.5.3, 6.5.4 and 6.5.5 may be prone to this issue",
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0437"
},
{
"db": "BID",
"id": "1234"
},
{
"db": "VULHUB",
"id": "VHN-2016"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-2016",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2016"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "1234",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2000-0437",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "322",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200005-073",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20000522 GAUNTLET CYBERPATROL BUFFER OVERFLOW",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "19949",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-2016",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2016"
},
{
"db": "BID",
"id": "1234"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-073"
},
{
"db": "NVD",
"id": "CVE-2000-0437"
}
]
},
"id": "VAR-200005-0080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-2016"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-22T22:48:38.039000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0437"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.pgp.com/jump/gauntlet_advisory.asp"
},
{
"trust": 3.0,
"url": "http://www.tis.com/support/cyberadvisory.html"
},
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/1234"
},
{
"trust": 2.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html"
},
{
"trust": 2.7,
"url": "http://www.osvdb.org/322"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2016"
},
{
"db": "BID",
"id": "1234"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-073"
},
{
"db": "NVD",
"id": "CVE-2000-0437"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-2016"
},
{
"db": "BID",
"id": "1234"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-073"
},
{
"db": "NVD",
"id": "CVE-2000-0437"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2000-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-2016"
},
{
"date": "2000-05-18T00:00:00",
"db": "BID",
"id": "1234"
},
{
"date": "2000-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200005-073"
},
{
"date": "2000-05-18T04:00:00",
"db": "NVD",
"id": "CVE-2000-0437"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-2016"
},
{
"date": "2009-07-11T01:56:00",
"db": "BID",
"id": "1234"
},
{
"date": "2005-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200005-073"
},
{
"date": "2024-11-20T23:32:30.227000",
"db": "NVD",
"id": "CVE-2000-0437"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200005-073"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gauntlet Firewall Remote Buffer Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "1234"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-073"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200005-073"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.