Details of VAR-200205-0031

ID

VAR-200205-0031

CVE

CVE-2002-0234

TITLE

NetScreen ScreenOS Port Scan Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200205-083

DESCRIPTION

NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections. NetScreen is a line of Internet security appliances integrating firewall, VPN and traffic management features. ScreenOS is the software used to manage and configure the firewall. NetScreen supports Microsoft Windows 95, 98, ME, NT and 2000 clients. An issue has been reported in NetScreen ScreenOS which could cause the system to stop responding. This is due to the number of concurrent sessions allowed per user. Exploitation of this issue is possible using a port scanner that does not properly release sessions. This vulnerability will occupy all valid connections

Trust: 1.26

sources: NVD: CVE-2002-0234 // BID: 4015 // VULHUB: VHN-4627

AFFECTED PRODUCTS

vendor:	juniper	model:	netscreen screenos	scope:	lte	version:	2.6.1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1	Trust: 0.6
vendor:	netscreen	model:	screenos	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	ne	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	ne	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	ne	version:	3.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	ne	version:	3.0	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	ne	version:	2.8	Trust: 0.3
vendor:	netscreen	model:	screenos r2	scope:	ne	version:	2.6.1	Trust: 0.3
vendor:	netscape	model:	fasttrack server 3.0.0r1	scope:	ne	version:	-	Trust: 0.3

sources: BID: 4015 // CNNVD: CNNVD-200205-083 // NVD: CVE-2002-0234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0234
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200205-083
value:	LOW
Trust: 0.6
VULHUB:	VHN-4627
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2002-0234
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4627
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4627 // CNNVD: CNNVD-200205-083 // NVD: CVE-2002-0234

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0234

THREAT TYPE

local

Trust: 0.9

sources: BID: 4015 // CNNVD: CNNVD-200205-083

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200205-083

EXTERNAL IDS

db:	NVD	id:	CVE-2002-0234	Trust: 2.0
db:	BID	id:	4015	Trust: 2.0
db:	CNNVD	id:	CNNVD-200205-083	Trust: 0.7
db:	XF	id:	8057	Trust: 0.6
db:	BUGTRAQ	id:	20020201 RE: NETSCREEN SCREENOS 2.6 SUBJECT TO TRUST INTERFACE DOS	Trust: 0.6
db:	BUGTRAQ	id:	20020205 NETSCREEN RESPONSE TO SCREENOS PORT SCAN DOS VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20020201 NETSCREEN SCREENOS 2.6 SUBJECT TO TRUST INTERFACE DOS	Trust: 0.6
db:	VULHUB	id:	VHN-4627	Trust: 0.1

sources: VULHUB: VHN-4627 // BID: 4015 // CNNVD: CNNVD-200205-083 // NVD: CVE-2002-0234

REFERENCES

url:	http://www.securityfocus.com/bid/4015	Trust: 2.7
url:	http://online.securityfocus.com/archive/1/254268	Trust: 2.7
url:	http://www.iss.net/security_center/static/8057.php	Trust: 2.7
url:	http://marc.info/?l=bugtraq&m=101258281818524&w=2	Trust: 2.0
url:	http://marc.info/?l=bugtraq&m=101258887105690&w=2	Trust: 2.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=101258887105690&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=101258281818524&w=2	Trust: 0.6
url:	http://www.netscreen.com/index.html	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=101258281818524&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=101258887105690&w=2	Trust: 0.1

sources: VULHUB: VHN-4627 // BID: 4015 // CNNVD: CNNVD-200205-083 // NVD: CVE-2002-0234

CREDITS

Discovered by Chris Lathem <clathem@skyhawke.com>.

Trust: 0.9

sources: BID: 4015 // CNNVD: CNNVD-200205-083

SOURCES

db:	VULHUB	id:	VHN-4627
db:	BID	id:	4015
db:	CNNVD	id:	CNNVD-200205-083
db:	NVD	id:	CVE-2002-0234

LAST UPDATE DATE

2024-11-22T22:54:21.919000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4627	date:	2016-10-18T00:00:00
db:	BID	id:	4015	date:	2009-07-11T09:56:00
db:	CNNVD	id:	CNNVD-200205-083	date:	2006-08-23T00:00:00
db:	NVD	id:	CVE-2002-0234	date:	2024-11-20T23:38:37.043

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4627	date:	2002-05-29T00:00:00
db:	BID	id:	4015	date:	2002-02-01T00:00:00
db:	CNNVD	id:	CNNVD-200205-083	date:	2002-05-29T00:00:00
db:	NVD	id:	CVE-2002-0234	date:	2002-05-29T04:00:00