Details of VAR-200207-0051

ID

VAR-200207-0051

CVE

CVE-2002-0663

TITLE

Symantec Norton Personal Firewall/Internet Security 2001 Remote buffer overflow vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200207-131

DESCRIPTION

Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request. The condition is reportedly due to an inability to handle large requests. The overflow occurs in kernel memory. It may be possible to execute arbitrary code in this context to compromise the system. The HTTP proxy component included in NPIF lacks correct buffer boundary checks when handling very long hostnames. Remote attackers can exploit this vulnerability to perform buffer overflow attacks. An attacker could exploit this vulnerability by accessing NPIF's HTTP proxy requests through an internal connection or by attaching a malicious email or instructing the user to connect to a malicious WEB site to download code

Trust: 1.26

sources: NVD: CVE-2002-0663 // BID: 5237 // VULHUB: VHN-5054

AFFECTED PRODUCTS

vendor:	symantec	model:	norton internet security	scope:	eq	version:	2001	Trust: 1.6
vendor:	symantec	model:	norton personal firewall	scope:	eq	version:	2001_3.0.4.91	Trust: 1.6
vendor:	symantec	model:	norton personal firewall	scope:	eq	version:	20013.0.4.91	Trust: 0.3
vendor:	symantec	model:	norton internet security	scope:	eq	version:	20010	Trust: 0.3
vendor:	symantec	model:	norton personal firewall	scope:	ne	version:	2002	Trust: 0.3
vendor:	symantec	model:	norton internet security professional edition	scope:	ne	version:	20020	Trust: 0.3
vendor:	symantec	model:	norton internet security	scope:	ne	version:	20020	Trust: 0.3

sources: BID: 5237 // CNNVD: CNNVD-200207-131 // NVD: CVE-2002-0663

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0663
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200207-131
value:	HIGH
Trust: 0.6
VULHUB:	VHN-5054
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-0663
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5054
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5054 // CNNVD: CNNVD-200207-131 // NVD: CVE-2002-0663

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0663

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200207-131

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 5237 // CNNVD: CNNVD-200207-131

EXTERNAL IDS

db:	BID	id:	5237	Trust: 2.0
db:	NVD	id:	CVE-2002-0663	Trust: 1.7
db:	OSVDB	id:	4366	Trust: 1.7
db:	CNNVD	id:	CNNVD-200207-131	Trust: 0.7
db:	ATSTAKE	id:	A071502-1	Trust: 0.6
db:	XF	id:	9579	Trust: 0.6
db:	VULHUB	id:	VHN-5054	Trust: 0.1

sources: VULHUB: VHN-5054 // BID: 5237 // CNNVD: CNNVD-200207-131 // NVD: CVE-2002-0663

REFERENCES

url:	http://securityresponse.symantec.com/avcenter/security/content/2002.07.15.html	Trust: 3.0
url:	http://www.atstake.com/research/advisories/2002/a071502-1.txt	Trust: 2.7
url:	http://www.securityfocus.com/bid/5237	Trust: 2.7
url:	http://www.osvdb.org/4366	Trust: 2.7
url:	http://www.iss.net/security_center/static/9579.php	Trust: 2.7
url:	http://www.symantec.com/sabu/nis/npf/	Trust: 0.3
url:	-	Trust: 0.1

sources: VULHUB: VHN-5054 // BID: 5237 // CNNVD: CNNVD-200207-131 // NVD: CVE-2002-0663

CREDITS

advisories@atstake.com

Trust: 0.6

sources: CNNVD: CNNVD-200207-131

SOURCES

db:	VULHUB	id:	VHN-5054
db:	BID	id:	5237
db:	CNNVD	id:	CNNVD-200207-131
db:	NVD	id:	CVE-2002-0663

LAST UPDATE DATE

2024-11-22T23:03:16.748000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5054	date:	2008-09-10T00:00:00
db:	BID	id:	5237	date:	2002-07-15T00:00:00
db:	CNNVD	id:	CNNVD-200207-131	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2002-0663	date:	2024-11-20T23:39:35.307

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5054	date:	2002-07-26T00:00:00
db:	BID	id:	5237	date:	2002-07-15T00:00:00
db:	CNNVD	id:	CNNVD-200207-131	date:	2002-07-26T00:00:00
db:	NVD	id:	CVE-2002-0663	date:	2002-07-26T04:00:00