Details of VAR-200205-0137

ID

VAR-200205-0137

CVE

CVE-2002-0033

TITLE

Sun Solaris cachefsd vulnerable to heap overflow in cfsd_calloc() function via long string of characters

Trust: 0.8

sources: CERT/CC: VU#635811

DESCRIPTION

Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name. Sun's NFS/RPC cachefs daemon (cachefsd) is shipped and installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 (SPARC and Intel architectures). Cachefsd caches requests for operations on remote file systems mounted via the use of NFS protocol. Sun Solaris Included in the NFS/RPC Necessary to operate the file system cachefsd In cfsd_calloc function The function does not perform bounds checking properly, so abnormally long cache names and directory names are included. A remotely exploitable buffer overflow condition has been reported in cachefsd. The overflow occurs in the heap and is reportedly exploitable as valid malloc() chunk structures are overwritten. Successful attacks may result in remote attackers gaining root access on the affected system

Trust: 2.61

sources: NVD: CVE-2002-0033 // CERT/CC: VU#635811 // JVNDB: JVNDB-2002-000106 // BID: 4674

AFFECTED PRODUCTS

vendor:	sun	model:	solaris	scope:	eq	version:	2.5.1	Trust: 1.9
vendor:	sun	model:	solaris	scope:	eq	version:	7.0	Trust: 1.9
vendor:	sun	model:	solaris	scope:	eq	version:	2.6	Trust: 1.9
vendor:	sun	model:	sunos	scope:	eq	version:	-	Trust: 1.6
vendor:	sun	model:	solaris	scope:	eq	version:	8.0	Trust: 1.6
vendor:	sun	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	2.5.1 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	2.5.1 (x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	2.6 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	2.6 (x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	7.0 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	7.0 (x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	8 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	8 (x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	9 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	9 (x86)	Trust: 0.8
vendor:	sun	model:	solaris x86	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	sun	model:	solaris ppc	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	sun	model:	solaris 9 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	9	Trust: 0.3
vendor:	sun	model:	solaris 8 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 8 sparc	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 7.0 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 2.6 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 2.6 sparc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	voice services provisioning tool	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	virtual switch controller	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	universal gateway manager	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	signaling controller	scope:	eq	version:	2200	Trust: 0.3
vendor:	cisco	model:	secure acs for unix	scope:	eq	version:	2.3.6.1	Trust: 0.3
vendor:	cisco	model:	secure acs for unix	scope:	eq	version:	2.3.5.1	Trust: 0.3
vendor:	cisco	model:	secure acs for unix	scope:	eq	version:	2.3	Trust: 0.3
vendor:	cisco	model:	secure acs for unix	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	pgw2200 pstn gateway	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	mgc node manager	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	media gateway manager	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ip manager	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	ip manager	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	ems for the cisco	scope:	eq	version:	7200/7400	Trust: 0.3
vendor:	cisco	model:	ems for the catalyst cisco	scope:	eq	version:	6500/7600	Trust: 0.3
vendor:	cisco	model:	element management framework	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	dsl manager	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	cable manager	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	billing and management server	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	manager	scope:	eq	version:	12000	Trust: 0.3
vendor:	cisco	model:	ids-4230-xx	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ids-4220-e	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ids-4210	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	bts	scope:	ne	version:	10200	Trust: 0.3

sources: CERT/CC: VU#635811 // BID: 4674 // JVNDB: JVNDB-2002-000106 // CNNVD: CNNVD-200205-079 // NVD: CVE-2002-0033

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0033
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#635811
value:	52.92
Trust: 0.8
NVD:	CVE-2002-0033
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200205-079
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2002-0033
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: CERT/CC: VU#635811 // JVNDB: JVNDB-2002-000106 // CNNVD: CNNVD-200205-079 // NVD: CVE-2002-0033

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0033

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200205-079

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 4674 // CNNVD: CNNVD-200205-079

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000106

PATCH

title:	56300	url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-56300-1	Trust: 0.8
title:	44309	url:	http://jp.sunsolve.sun.com/search/document.do?assetkey=1-26-44309-1	Trust: 0.8
title:	56300	url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-56300-3	Trust: 0.8
title:	44309	url:	http://jp.sunsolve.sun.com/search/document.do?assetkey=1-26-44309-3	Trust: 0.8

sources: JVNDB: JVNDB-2002-000106

EXTERNAL IDS

db:	CERT/CC	id:	VU#635811	Trust: 3.2
db:	BID	id:	4674	Trust: 2.7
db:	NVD	id:	CVE-2002-0033	Trust: 2.4
db:	XF	id:	8999	Trust: 1.4
db:	JVNDB	id:	JVNDB-2002-000106	Trust: 0.8
db:	CERT/CC	id:	CA-2002-11	Trust: 0.6
db:	BUGTRAQ	id:	20020505 [LSD] SOLARIS CACHEFSD REMOTE BUFFER OVERFLOW VULNERABILITY	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:124	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:31	Trust: 0.6
db:	CNNVD	id:	CNNVD-200205-079	Trust: 0.6

sources: CERT/CC: VU#635811 // BID: 4674 // JVNDB: JVNDB-2002-000106 // CNNVD: CNNVD-200205-079 // NVD: CVE-2002-0033

REFERENCES

url:	http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f44309	Trust: 3.7
url:	http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html	Trust: 3.4
url:	http://www.cert.org/advisories/ca-2002-11.html	Trust: 3.4
url:	http://www.securityfocus.com/bid/4674	Trust: 3.4
url:	http://www.kb.cert.org/vuls/id/635811	Trust: 3.4
url:	http://www.iss.net/security_center/static/8999.php	Trust: 2.6
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a124	Trust: 2.0
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a31	Trust: 2.0
url:	http://www.ciac.org/ciac/bulletins/m-078.shtml	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0033	Trust: 0.8
url:	http://www.jpcert.or.jp/wr/2002/wr021801.txt	Trust: 0.8
url:	http://jvn.jp/cert/jvnca-2002-11	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0033	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/8999	Trust: 0.8
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:31	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:124	Trust: 0.6

sources: CERT/CC: VU#635811 // BID: 4674 // JVNDB: JVNDB-2002-000106 // CNNVD: CNNVD-200205-079 // NVD: CVE-2002-0033

CREDITS

LSD contact@lsd-pl.net

Trust: 0.6

sources: CNNVD: CNNVD-200205-079

SOURCES

db:	CERT/CC	id:	VU#635811
db:	BID	id:	4674
db:	JVNDB	id:	JVNDB-2002-000106
db:	CNNVD	id:	CNNVD-200205-079
db:	NVD	id:	CVE-2002-0033

LAST UPDATE DATE

2024-11-22T23:15:25.345000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#635811	date:	2002-05-14T00:00:00
db:	BID	id:	4674	date:	2002-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2002-000106	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200205-079	date:	2005-08-17T00:00:00
db:	NVD	id:	CVE-2002-0033	date:	2024-11-20T23:38:08.383

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#635811	date:	2002-05-06T00:00:00
db:	BID	id:	4674	date:	2002-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2002-000106	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200205-079	date:	2002-05-29T00:00:00
db:	NVD	id:	CVE-2002-0033	date:	2002-05-29T04:00:00