ID

VAR-200205-0150


CVE

CVE-2002-1447


TITLE

Cisco VPN Client for Unix Local Buffer Overflow Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200205-052

DESCRIPTION

Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. The Cisco VPN Client software is used to establish Virtual Private Network (VPN) connections between client machines and a Cisco VPN Concentrator. A vulnerability has been reported in some versions of the VPN Client. If an oversized profile name is passed to the vpnclient binary, a buffer overflow condition may occur. As vpnclient runs suid root, exploitation of this vulnerability will grant a local attacker root access to the vulnerable system. This vulnerability affects the VPN Client version 3.5.1 for Linux, Solaris and Mac OS X. Windows clients are not believed to be vulnerable. Earlier versions of the VPN Client may share this vulnerability, although this has not been confirmed. The Cisco VPN client is installed with the suid root attribute by default, and the program lacks sufficient checks on the data the user submits to the "connect" parameter. An attacker can submit a very long file name (over 520 bytes) to the "connect" parameter to cause a buffer overflow, and carefully constructed file name data may execute arbitrary commands on the system with root privileges.

Trust: 1.26

sources: NVD: CVE-2002-1447 // BID: 5056 // VULHUB: VHN-5832

AFFECTED PRODUCTS

vendor: cisco // model: vpn client // scope: lte // version: 3.5.1

Trust: 1.0

vendor: cisco // model: vpn client // scope: eq // version: 3.5.1

Trust: 0.6

vendor: cisco // model: vpn client for solaris // scope: eq // version: 3.5.1

Trust: 0.3

vendor: cisco // model: vpn client for mac os // scope: eq // version: x3.5.1

Trust: 0.3

vendor: cisco // model: vpn client for linux // scope: eq // version: 3.5.1

Trust: 0.3

vendor: cisco // model: vpn client for solaris // scope: ne // version: 3.5.2

Trust: 0.3

vendor: cisco // model: vpn client for mac os // scope: ne // version: x3.5.2

Trust: 0.3

vendor: cisco // model: vpn client for linux // scope: ne // version: 3.5.2

Trust: 0.3

sources: BID: 5056 // CNNVD: CNNVD-200205-052 // NVD: CVE-2002-1447

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1447
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200205-052
value: HIGH

Trust: 0.6

VULHUB: VHN-5832
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-1447
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5832
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5832 // CNNVD: CNNVD-200205-052 // NVD: CVE-2002-1447

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1447

THREAT TYPE

local

Trust: 0.9

sources: BID: 5056 // CNNVD: CNNVD-200205-052

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 5056 // CNNVD: CNNVD-200205-052

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-5832

EXTERNAL IDS

db: BID // id: 5056

Trust: 2.0

db: NVD // id: CVE-2002-1447

Trust: 2.0

db: CNNVD // id: CNNVD-200205-052

Trust: 0.7

db: CISCO // id: 20020619 BUFFER OVERFLOW IN UNIX VPN CLIENT

Trust: 0.6

db: BUGTRAQ // id: 20020619 [AP] CISCO VPNCLIENT BUFFER OVERFLOW

Trust: 0.6

db: XF // id: 9376

Trust: 0.6

db: EXPLOIT-DB // id: 21568

Trust: 0.1

db: SEEBUG // id: SSVID-75393

Trust: 0.1

db: VULHUB // id: VHN-5832

Trust: 0.1

sources: VULHUB: VHN-5832 // BID: 5056 // CNNVD: CNNVD-200205-052 // NVD: CVE-2002-1447

REFERENCES

url: http://www.securityfocus.com/bid/5056

Trust: 1.7

url: http://online.securityfocus.com/archive/1/277653

Trust: 1.7

url: http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml

Trust: 1.7

url: http://sec.angrypacket.com/advisories/0002_ap.vpnclient.txt

Trust: 1.7

url: http://www.iss.net/security_center/static/9376.php

Trust: 1.7

url: http://www.cisco.com/public/sw-center/

Trust: 0.3

sources: VULHUB: VHN-5832 // BID: 5056 // CNNVD: CNNVD-200205-052 // NVD: CVE-2002-1447

CREDITS

methodic (methodic@bigunz.angrypacket.com)

Trust: 0.6

sources: CNNVD: CNNVD-200205-052

SOURCES

db: VULHUB // id: VHN-5832
db: BID // id: 5056
db: CNNVD // id: CNNVD-200205-052
db: NVD // id: CVE-2002-1447

LAST UPDATE DATE

2024-08-14T15:31:16.379000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-5832 // date: 2008-09-05T00:00:00
db: BID // id: 5056 // date: 2009-07-11T13:56:00
db: CNNVD // id: CNNVD-200205-052 // date: 2005-06-06T00:00:00
db: NVD // id: CVE-2002-1447 // date: 2008-09-05T20:30:37.530

SOURCES RELEASE DATE

db: VULHUB // id: VHN-5832 // date: 2002-05-28T00:00:00
db: BID // id: 5056 // date: 2002-06-19T00:00:00
db: CNNVD // id: CNNVD-200205-052 // date: 2002-05-28T00:00:00
db: NVD // id: CVE-2002-1447 // date: 2002-05-28T04:00:00