Details of VAR-200211-0055

ID

VAR-200211-0055

CVE

CVE-2002-1265

TITLE

Multiple Sun RPC-based libc implementations fails to provide time-out mechanism when reading data from TCP connections

Trust: 0.8

sources: CERT/CC: VU#266817

DESCRIPTION

The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). A denial-of-service vulnerability exists in multiple vendor Sun RPC-based libc implementations. A denial of service condition is reported to occur when data is read from a TCP connection. As a result, remote attackers may cause some services and daemons to hang. There is currently no detailed description of the vulnerability details. < *Link: http://www.kb.cert.org/vuls/id/266817* >

Trust: 2.7

sources: NVD: CVE-2002-1265 // CERT/CC: VU#266817 // JVNDB: JVNDB-2002-000273 // BID: 6103 // VULHUB: VHN-5650

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.4	Trust: 1.6
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.1	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.4	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.2	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.5	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.1	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.2	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.11	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.4	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.3	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.8	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.9	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.3	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.13	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.2	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.3	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.6	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.7	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.1	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.5	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.3	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.4	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.10	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.6	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.1	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.12	Trust: 1.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.5	Trust: 1.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.2	Trust: 1.3
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.16f	Trust: 1.0
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.17f	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1	Trust: 1.0
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.15f	Trust: 1.0
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.15m	Trust: 1.0
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.16m	Trust: 1.0
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.17m	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.3.10	Trust: 1.0
vendor:	sgi	model:	irix	scope:	eq	version:	2.3.1	Trust: 1.0
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.14m	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.4	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.1.6	Trust: 1.0
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.14f	Trust: 1.0
vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gnu glibc	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sgi	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sun microsystems	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	aix	scope:	eq	version:	4.3	Trust: 0.8
vendor:	ibm	model:	aix	scope:	eq	version:	5.1	Trust: 0.8
vendor:	ibm	model:	aix	scope:	eq	version:	5.2	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	2.6 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	2.6 (x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	7.0 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	7.0 (x86)	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.00	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.04	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.22	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.23	Trust: 0.8
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.17	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	ne	version:	2.3.10	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.23	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.22	scope:	-	version:	-	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.16	Trust: 0.3
vendor:	sun	model:	solaris x86	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	sgi	model:	irix	scope:	ne	version:	6.5.18	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	sun	model:	solaris 2.6 x86	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.04	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	sun	model:	solaris 8 x86	scope:	ne	version:	-	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	sun	model:	solaris 9 x86	scope:	ne	version:	-	Trust: 0.3
vendor:	sun	model:	solaris	scope:	ne	version:	9	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.14	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.15	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.1-6	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	ne	version:	2.3.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	ne	version:	2.3.4	Trust: 0.3
vendor:	sgi	model:	irix	scope:	ne	version:	6.5.19	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.3	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.11	scope:	-	version:	-	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.17	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.14	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.00	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	7.0	Trust: 0.3
vendor:	sun	model:	solaris 7.0 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 8 sparc	scope:	ne	version:	-	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.16	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.15	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.3-10	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	ne	version:	2.3.3	Trust: 0.3

sources: CERT/CC: VU#266817 // BID: 6103 // JVNDB: JVNDB-2002-000273 // CNNVD: CNNVD-200211-031 // NVD: CVE-2002-1265

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1265
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#266817
value:	10.31
Trust: 0.8
NVD:	CVE-2002-1265
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200211-031
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5650
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1265
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-5650
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#266817 // VULHUB: VHN-5650 // JVNDB: JVNDB-2002-000273 // CNNVD: CNNVD-200211-031 // NVD: CVE-2002-1265

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1265

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200211-031

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200211-031

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000273

PATCH

title:	HPSBUX01020	url:	http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01020	Trust: 0.8
title:	HPSBUX01020	url:	http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX01020-272.html	Trust: 0.8
title:	Top Page	url:	http://www.ibm.com/jp/	Trust: 0.8
title:	51082	url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-51082-1	Trust: 0.8
title:	51082	url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-51082-3	Trust: 0.8

sources: JVNDB: JVNDB-2002-000273

EXTERNAL IDS

db:	CERT/CC	id:	VU#266817	Trust: 3.6
db:	NVD	id:	CVE-2002-1265	Trust: 2.8
db:	BID	id:	6103	Trust: 2.8
db:	JVNDB	id:	JVNDB-2002-000273	Trust: 0.8
db:	CNNVD	id:	CNNVD-200211-031	Trust: 0.7
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:2248	Trust: 0.6
db:	SUNALERT	id:	51082	Trust: 0.6
db:	SGI	id:	20021103-01-P	Trust: 0.6
db:	HP	id:	HPSBUX01020	Trust: 0.6
db:	XF	id:	10539	Trust: 0.6
db:	VULHUB	id:	VHN-5650	Trust: 0.1

sources: CERT/CC: VU#266817 // VULHUB: VHN-5650 // BID: 6103 // JVNDB: JVNDB-2002-000273 // CNNVD: CNNVD-200211-031 // NVD: CVE-2002-1265

REFERENCES

url:	http://www.kb.cert.org/vuls/id/266817	Trust: 2.8
url:	http://www.securityfocus.com/bid/6103	Trust: 2.5
url:	http://www.info.apple.com/usen/security/security_updates.html	Trust: 1.7
url:	http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2004.0800.1	Trust: 1.7
url:	ftp://patches.sgi.com/support/free/security/advisories/20021103-01-p	Trust: 1.7
url:	http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51082	Trust: 1.7
url:	http://www.iss.net/security_center/static/10539.php	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2248	Trust: 1.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1265	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1265	Trust: 0.8
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2248	Trust: 0.6
url:	http://www4.itrc.hp.com/service/cki/docdisplay.do?admit=-938907319+1109257808495+28353475&docid=hpsbux01020	Trust: 0.3
url:	http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f51082	Trust: 0.3

sources: CERT/CC: VU#266817 // VULHUB: VHN-5650 // BID: 6103 // JVNDB: JVNDB-2002-000273 // CNNVD: CNNVD-200211-031 // NVD: CVE-2002-1265

CREDITS

Vulnerability first announced in a CERT Vulnerability Note.

Trust: 0.3

sources: BID: 6103

SOURCES

db:	CERT/CC	id:	VU#266817
db:	VULHUB	id:	VHN-5650
db:	BID	id:	6103
db:	JVNDB	id:	JVNDB-2002-000273
db:	CNNVD	id:	CNNVD-200211-031
db:	NVD	id:	CVE-2002-1265

LAST UPDATE DATE

2024-08-14T15:15:10.806000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#266817	date:	2003-04-09T00:00:00
db:	VULHUB	id:	VHN-5650	date:	2017-10-10T00:00:00
db:	BID	id:	6103	date:	2009-07-11T18:06:00
db:	JVNDB	id:	JVNDB-2002-000273	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200211-031	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2002-1265	date:	2017-10-10T01:30:10.157

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#266817	date:	2002-11-04T00:00:00
db:	VULHUB	id:	VHN-5650	date:	2002-11-12T00:00:00
db:	BID	id:	6103	date:	2002-11-04T00:00:00
db:	JVNDB	id:	JVNDB-2002-000273	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200211-031	date:	2002-11-12T00:00:00
db:	NVD	id:	CVE-2002-1265	date:	2002-11-12T05:00:00