Details of VAR-200210-0221

ID

VAR-200210-0221

CVE

CVE-2002-1067

TITLE

SEH IC9 Pocket print server WEB Management Interface Handling Password Fields Improper Remote Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-220

DESCRIPTION

Administrative web interface for IC9 Pocket Print Server Firmware 7.1.30 and 7.1.36f allows remote attackers to cause a denial of service (reboot and reset) via a long password, possibly due to a buffer overflow. IC9 is the Pocket Print Server distributed by SEH. It provides network capability to parallel port printers. A user accessing the web administration interface of a vulnerable device may be able to reboot the print server, and attached printer. This results in a denial of service, as the print server and printer are unavailable during the reboot process. If an attacker can access the WEB management interface and submit password data containing more than 300 bytes to the management interface program for processing, it will cause the printer to crash and the device to restart

Trust: 1.26

sources: NVD: CVE-2002-1067 // BID: 5329 // VULHUB: VHN-5456

AFFECTED PRODUCTS

vendor:	seh	model:	ic9 pocket print server	scope:	eq	version:	7.1.36	Trust: 1.6
vendor:	seh	model:	ic9 pocket print server	scope:	eq	version:	7.1.30	Trust: 1.6
vendor:	seh	model:	ic9	scope:	eq	version:	7.1.36	Trust: 0.3
vendor:	seh	model:	ic9	scope:	eq	version:	7.1.30	Trust: 0.3

sources: BID: 5329 // CNNVD: CNNVD-200210-220 // NVD: CVE-2002-1067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1067
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200210-220
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5456
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1067
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5456
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5456 // CNNVD: CNNVD-200210-220 // NVD: CVE-2002-1067

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1067

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-220

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 5329 // CNNVD: CNNVD-200210-220

EXTERNAL IDS

db:	NVD	id:	CVE-2002-1067	Trust: 2.0
db:	BID	id:	5329	Trust: 2.0
db:	CNNVD	id:	CNNVD-200210-220	Trust: 0.7
db:	BUGTRAQ	id:	20020727 0815 ++ */ SEH_WEB	Trust: 0.6
db:	XF	id:	9	Trust: 0.6
db:	VULHUB	id:	VHN-5456	Trust: 0.1

sources: VULHUB: VHN-5456 // BID: 5329 // CNNVD: CNNVD-200210-220 // NVD: CVE-2002-1067

REFERENCES

url:	http://www.securityfocus.com/bid/5329	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2002-07/0336.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/9702.php	Trust: 1.7
url:	http://www.phenoelit.de/stuff/seh_web.txt	Trust: 0.3

sources: VULHUB: VHN-5456 // BID: 5329 // CNNVD: CNNVD-200210-220 // NVD: CVE-2002-1067

CREDITS

kim0 kim0@phenoelit.de

Trust: 0.6

sources: CNNVD: CNNVD-200210-220

SOURCES

db:	VULHUB	id:	VHN-5456
db:	BID	id:	5329
db:	CNNVD	id:	CNNVD-200210-220
db:	NVD	id:	CVE-2002-1067

LAST UPDATE DATE

2024-08-14T13:51:07.592000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5456	date:	2008-09-05T00:00:00
db:	BID	id:	5329	date:	2009-07-11T14:56:00
db:	CNNVD	id:	CNNVD-200210-220	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1067	date:	2008-09-05T20:29:41.723

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5456	date:	2002-10-04T00:00:00
db:	BID	id:	5329	date:	2002-07-27T00:00:00
db:	CNNVD	id:	CNNVD-200210-220	date:	2002-07-27T00:00:00
db:	NVD	id:	CVE-2002-1067	date:	2002-10-04T04:00:00