var-200205-0034
Vulnerability from variot
Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a flood of large ICMP ping packets. Internet Security Systems's BlackICE Defender, BlackICE Agent and RealSecure Server Sensor, are network intrusion detection systems which run in Microsoft Windows environments. A buffer overflow condition has been reported in these products which can be exploited by a remote user. Exploitation is achievable via a ping flood attack. Sending a series of large Echo Request (ping) packets to a target host will trigger the overflow. It is possible to execute arbitrary code with kernel-level privileges. Only Windows 2000 and XP hosts are affected by this vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200205-0034",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "blackice agent",
"scope": "eq",
"trust": 1.6,
"vendor": "iss",
"version": "3.1"
},
{
"model": "realsecure server sensor",
"scope": "eq",
"trust": 1.6,
"vendor": "iss",
"version": "6.0.1"
},
{
"model": "blackice defender",
"scope": "eq",
"trust": 1.6,
"vendor": "iss",
"version": "2.9caq"
},
{
"model": "blackice defender",
"scope": "eq",
"trust": 1.6,
"vendor": "iss",
"version": "2.9cap"
},
{
"model": "blackice defender",
"scope": "eq",
"trust": 1.6,
"vendor": "iss",
"version": "2.9"
},
{
"model": "realsecure server sensor",
"scope": "eq",
"trust": 1.6,
"vendor": "iss",
"version": "6.5"
},
{
"model": "blackice agent",
"scope": "eq",
"trust": 1.6,
"vendor": "iss",
"version": "3.0"
},
{
"model": "security systems realsecure server sensor win",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "6.5"
},
{
"model": "security systems realsecure server sensor win",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "6.0.1"
},
{
"model": "security systems blackice defender caq",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "2.9"
},
{
"model": "security systems blackice defender cap",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "2.9"
},
{
"model": "security systems blackice defender",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "2.9"
},
{
"model": "security systems blackice agent",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "3.1"
},
{
"model": "security systems blackice agent",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "3.0"
},
{
"model": "security systems blackice defender car",
"scope": "ne",
"trust": 0.3,
"vendor": "internet",
"version": "2.9"
}
],
"sources": [
{
"db": "BID",
"id": "4025"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-101"
},
{
"db": "NVD",
"id": "CVE-2002-0237"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matt Taylor\u203b quisit@quest.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200205-101"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0237",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-0237",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4630",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0237",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200205-101",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-4630",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4630"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-101"
},
{
"db": "NVD",
"id": "CVE-2002-0237"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a flood of large ICMP ping packets. Internet Security Systems\u0027s BlackICE Defender, BlackICE Agent and RealSecure Server Sensor, are network intrusion detection systems which run in Microsoft Windows environments. \nA buffer overflow condition has been reported in these products which can be exploited by a remote user. Exploitation is achievable via a ping flood attack. \nSending a series of large Echo Request (ping) packets to a target host will trigger the overflow. \nIt is possible to execute arbitrary code with kernel-level privileges. Only Windows 2000 and XP hosts are affected by this vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0237"
},
{
"db": "BID",
"id": "4025"
},
{
"db": "VULHUB",
"id": "VHN-4630"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "4025",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-0237",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200205-101",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20020204 VULNERABILITY IN BLACK ICE DEFENDER",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020209 ALERT: ISS BLACKICE KERNEL OVERFLOW EXPLOITABLE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020206 BLACK ICE PING VULNERABILITY SIDE NOTE",
"trust": 0.6
},
{
"db": "ISS",
"id": "20020204 DOS AND POTENTIAL OVERFLOW VULNERABILITY IN BLACKICE PRODUCTS",
"trust": 0.6
},
{
"db": "NTBUGTRAQ",
"id": "20020209 ALERT: ISS BLACKICE KERNEL OVERFLOW EXPLOITABLE",
"trust": 0.6
},
{
"db": "XF",
"id": "8058",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-4630",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4630"
},
{
"db": "BID",
"id": "4025"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-101"
},
{
"db": "NVD",
"id": "CVE-2002-0237"
}
]
},
"id": "VAR-200205-0034",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4630"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-22T23:14:57.658000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0237"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/4025"
},
{
"trust": 2.7,
"url": "http://www.iss.net/security_center/alerts/advise109.php"
},
{
"trust": 2.7,
"url": "http://www.iss.net/security_center/static/8058.php"
},
{
"trust": 2.1,
"url": "http://marc.info/?l=bugtraq\u0026m=101286393404301\u0026w=2"
},
{
"trust": 2.1,
"url": "http://marc.info/?l=bugtraq\u0026m=101302424803268\u0026w=2"
},
{
"trust": 2.1,
"url": "http://marc.info/?l=bugtraq\u0026m=101321744807452\u0026w=2"
},
{
"trust": 2.1,
"url": "http://marc.info/?l=ntbugtraq\u0026m=101353165915171\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=101321744807452\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=ntbugtraq\u0026m=101353165915171\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=101302424803268\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=101286393404301\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.networkice.com/products/blackice_defender.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4630"
},
{
"db": "BID",
"id": "4025"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-101"
},
{
"db": "NVD",
"id": "CVE-2002-0237"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-4630"
},
{
"db": "BID",
"id": "4025"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-101"
},
{
"db": "NVD",
"id": "CVE-2002-0237"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-05-29T00:00:00",
"db": "VULHUB",
"id": "VHN-4630"
},
{
"date": "2002-02-04T00:00:00",
"db": "BID",
"id": "4025"
},
{
"date": "2002-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200205-101"
},
{
"date": "2002-05-29T04:00:00",
"db": "NVD",
"id": "CVE-2002-0237"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-4630"
},
{
"date": "2002-02-04T00:00:00",
"db": "BID",
"id": "4025"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200205-101"
},
{
"date": "2024-11-20T23:38:37.480000",
"db": "NVD",
"id": "CVE-2002-0237"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200205-101"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ISS BlackICE and RealSecure Remote denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200205-101"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "4025"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-101"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.