ID

VAR-200106-0098


CVE

CVE-2001-0299


TITLE

SGI IRIX df buffer overflow in directory argument

Trust: 0.8

sources: CERT/CC: VU#20851

DESCRIPTION

Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL. A vulnerability exists in Nokia's IP440 integrated Firewall-1/IDS. If a URL is sent to the device's administration interface which contains a large number of characters it can overflow the relevant buffer and create a segmentation fault. As with any buffer overflow, this has the potential to allow arbitrary code execution, but this result has not been reported in this case. Note that in order for this vulnerability to be exploited, the attacker must have been previously authenticated by the target system. Regardless, this vulnerability will permit an attacker to carry out a denial of services on the affected host

Trust: 1.26

sources: NVD: CVE-2001-0299 // BID: 2054 // VULHUB: VHN-3121

AFFECTED PRODUCTS

vendor:sgimodel: - scope: - version: -

Trust: 1.6

vendor:nokiamodel:ip440 firewall vpn appliancescope:eqversion:1.0

Trust: 1.6

vendor:nokiamodel:ip440scope: - version: -

Trust: 0.3

sources: CERT/CC: VU#20851 // BID: 2054 // CNNVD: CNNVD-200106-022 // NVD: CVE-2001-0299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0299
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#20851
value: 14.06

Trust: 0.8

CNNVD: CNNVD-200106-022
value: HIGH

Trust: 0.6

VULHUB: VHN-3121
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2001-0299
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3121
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#20851 // VULHUB: VHN-3121 // CNNVD: CNNVD-200106-022 // NVD: CVE-2001-0299

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200106-022

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200106-022

EXTERNAL IDS

db:BIDid:2054

Trust: 2.0

db:NVDid:CVE-2001-0299

Trust: 1.7

db:OSVDBid:6020

Trust: 1.7

db:XFid:440

Trust: 1.4

db:CERT/CCid:VU#20851

Trust: 0.8

db:CNNVDid:CNNVD-200106-022

Trust: 0.7

db:XFid:5640

Trust: 0.6

db:BUGTRAQid:20001127 NOKIA FIREWALLS

Trust: 0.6

db:BUGTRAQid:20001205 NOKIA FIREWALLS - RESPONSE FROM NOKIA

Trust: 0.6

db:VULHUBid:VHN-3121

Trust: 0.1

sources: CERT/CC: VU#20851 // VULHUB: VHN-3121 // BID: 2054 // CNNVD: CNNVD-200106-022 // NVD: CVE-2001-0299

REFERENCES

url:http://www.securityfocus.com/bid/2054

Trust: 1.7

url:http://www.osvdb.org/6020

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=97535202912588&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=97603879517777&w=2

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/5640

Trust: 1.1

url:ftp://sgigate.sgi.com/security/19970505-01-a

Trust: 0.8

url:ftp://sgigate.sgi.com/security/19970505-02-px

Trust: 0.8

url:ftp://ftp.auscert.org.au/pub/auscert/advisory/aa-97.19.irix.df.buffer.overflow.vul

Trust: 0.8

url:ftp://ftp.auscert.org.au/pub/auscert/tools/overflow_wrapper/overflow_wrapper.c

Trust: 0.8

url:http://xforce.iss.net/static/440.php

Trust: 0.8

url:http://marc.theaimsgroup.com/?l=bugtraq&m=97603879517777&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=97535202912588&w=2

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/5640

Trust: 0.6

sources: CERT/CC: VU#20851 // VULHUB: VHN-3121 // CNNVD: CNNVD-200106-022 // NVD: CVE-2001-0299

CREDITS

Reported to bugtraq by K2 < ktwo@ktwo.ca > on Mon Nov 27 2000.

Trust: 0.3

sources: BID: 2054

SOURCES

db:CERT/CCid:VU#20851
db:VULHUBid:VHN-3121
db:BIDid:2054
db:CNNVDid:CNNVD-200106-022
db:NVDid:CVE-2001-0299

LAST UPDATE DATE

2024-08-14T15:10:03.449000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#20851date:2000-12-15T00:00:00
db:VULHUBid:VHN-3121date:2017-10-10T00:00:00
db:BIDid:2054date:2000-12-04T00:00:00
db:CNNVDid:CNNVD-200106-022date:2005-05-02T00:00:00
db:NVDid:CVE-2001-0299date:2017-10-10T01:29:40.343

SOURCES RELEASE DATE

db:CERT/CCid:VU#20851date:2000-12-15T00:00:00
db:VULHUBid:VHN-3121date:2001-06-02T00:00:00
db:BIDid:2054date:2000-12-04T00:00:00
db:CNNVDid:CNNVD-200106-022date:2001-06-02T00:00:00
db:NVDid:CVE-2001-0299date:2001-06-02T04:00:00