ID

VAR-200211-0055


CVE

CVE-2002-1265


TITLE

Multiple Sun RPC-based libc implementations fails to provide time-out mechanism when reading data from TCP connections

Trust: 0.8

sources: CERT/CC: VU#266817

DESCRIPTION

The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). A denial-of-service vulnerability exists in multiple vendor Sun RPC-based libc implementations. A denial of service condition is reported to occur when data is read from a TCP connection. As a result, remote attackers may cause some services and daemons to hang. There is currently no detailed description of the vulnerability details. < *Link: http://www.kb.cert.org/vuls/id/266817* >

Trust: 2.7

sources: NVD: CVE-2002-1265 // CERT/CC: VU#266817 // JVNDB: JVNDB-2002-000273 // BID: 6103 // VULHUB: VHN-5650

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.2.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.2.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.4

Trust: 1.6

vendor:gnumodel:glibcscope:eqversion:2.0.1

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.0.4

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.0

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.0.2

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.2.5

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.1.1

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.1.2

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.3

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5.11

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5.4

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.0.3

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5.8

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5.9

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.2.3

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5.13

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.2.2

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5.3

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.0.6

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5.7

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.2.1

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5.5

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.1.3

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.2.4

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5.10

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5.6

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.2

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.1

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5.1

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5.12

Trust: 1.3

vendor:gnumodel:glibcscope:eqversion:2.0.5

Trust: 1.3

vendor:sgimodel:irixscope:eqversion:6.5.2

Trust: 1.3

vendor:applemodel:mac os xscope:eqversion:10.0.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.0.4

Trust: 1.0

vendor:gnumodel:glibcscope:eqversion:2.1.1.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.0.2

Trust: 1.0

vendor:gnumodel:glibcscope:eqversion:2.1.3.10

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1

Trust: 1.0

vendor:sgimodel:irixscope:eqversion:6.5.16m

Trust: 1.0

vendor:sgimodel:irixscope:eqversion:6.5.14f

Trust: 1.0

vendor:sgimodel:irixscope:eqversion:6.5.17m

Trust: 1.0

vendor:sgimodel:irixscope:eqversion:6.5.15f

Trust: 1.0

vendor:sgimodel:irixscope:eqversion:2.3.1

Trust: 1.0

vendor:sgimodel:irixscope:eqversion:6.5.16f

Trust: 1.0

vendor:sgimodel:irixscope:eqversion:6.5.14m

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.0.3

Trust: 1.0

vendor:sgimodel:irixscope:eqversion:6.5.17f

Trust: 1.0

vendor:sgimodel:irixscope:eqversion:6.5.15m

Trust: 1.0

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:gnu glibcmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:sgimodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel:aixscope:eqversion:4.3

Trust: 0.8

vendor:ibmmodel:aixscope:eqversion:5.1

Trust: 0.8

vendor:ibmmodel:aixscope:eqversion:5.2

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:2.6 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:2.6 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:7.0 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:7.0 (x86)

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.00

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.04

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.22

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:x10.1.1

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.17

Trust: 0.3

vendor:gnumodel:glibcscope:neversion:2.3.10

Trust: 0.3

vendor:hpmodel:hp-ux b.11.23scope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.4

Trust: 0.3

vendor:hpmodel:hp-ux b.11.22scope: - version: -

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.16

Trust: 0.3

vendor:sunmodel:solaris x86scope:eqversion:2.5.1

Trust: 0.3

vendor:sgimodel:irixscope:neversion:6.5.18

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1

Trust: 0.3

vendor:sunmodel:solaris 2.6 x86scope: - version: -

Trust: 0.3

vendor:hpmodel:hp-ux b.11.04scope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.4

Trust: 0.3

vendor:sunmodel:solaris 8 x86scope:neversion: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.3

Trust: 0.3

vendor:gnumodel:glibcscope:eqversion:2.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.5

Trust: 0.3

vendor:sunmodel:solaris 9 x86scope:neversion: -

Trust: 0.3

vendor:sunmodel:solarisscope:neversion:9

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:2.5.1

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.14

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.1

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.15

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.2

Trust: 0.3

vendor:gnumodel:glibcscope:eqversion:2.1.1-6

Trust: 0.3

vendor:gnumodel:glibcscope:neversion:2.3.2

Trust: 0.3

vendor:gnumodel:glibcscope:neversion:2.3.4

Trust: 0.3

vendor:sgimodel:irixscope:neversion:6.5.19

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.3

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.17

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.1

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.14

Trust: 0.3

vendor:hpmodel:hp-ux b.11.00scope: - version: -

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:7.0

Trust: 0.3

vendor:sunmodel:solaris 7.0 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 8 sparcscope:neversion: -

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.16

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.15

Trust: 0.3

vendor:gnumodel:glibcscope:eqversion:2.1.3-10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.0

Trust: 0.3

vendor:gnumodel:glibcscope:neversion:2.3.3

Trust: 0.3

sources: CERT/CC: VU#266817 // BID: 6103 // JVNDB: JVNDB-2002-000273 // CNNVD: CNNVD-200211-031 // NVD: CVE-2002-1265

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1265
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#266817
value: 10.31

Trust: 0.8

NVD: CVE-2002-1265
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200211-031
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5650
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-1265
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-5650
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#266817 // VULHUB: VHN-5650 // JVNDB: JVNDB-2002-000273 // CNNVD: CNNVD-200211-031 // NVD: CVE-2002-1265

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1265

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200211-031

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200211-031

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000273

PATCH

title:HPSBUX01020url:http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01020

Trust: 0.8

title:HPSBUX01020url:http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX01020-272.html

Trust: 0.8

title:Top Pageurl:http://www.ibm.com/jp/

Trust: 0.8

title:51082url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-51082-1

Trust: 0.8

title:51082url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-51082-3

Trust: 0.8

sources: JVNDB: JVNDB-2002-000273

EXTERNAL IDS

db:CERT/CCid:VU#266817

Trust: 3.6

db:NVDid:CVE-2002-1265

Trust: 2.8

db:BIDid:6103

Trust: 2.8

db:JVNDBid:JVNDB-2002-000273

Trust: 0.8

db:CNNVDid:CNNVD-200211-031

Trust: 0.7

db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:2248

Trust: 0.6

db:SUNALERTid:51082

Trust: 0.6

db:SGIid:20021103-01-P

Trust: 0.6

db:HPid:HPSBUX01020

Trust: 0.6

db:XFid:10539

Trust: 0.6

db:VULHUBid:VHN-5650

Trust: 0.1

sources: CERT/CC: VU#266817 // VULHUB: VHN-5650 // BID: 6103 // JVNDB: JVNDB-2002-000273 // CNNVD: CNNVD-200211-031 // NVD: CVE-2002-1265

REFERENCES

url:http://www.kb.cert.org/vuls/id/266817

Trust: 3.8

url:http://www.securityfocus.com/bid/6103

Trust: 3.5

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 2.7

url:http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2004.0800.1

Trust: 2.7

url:ftp://patches.sgi.com/support/free/security/advisories/20021103-01-p

Trust: 2.7

url:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51082

Trust: 2.7

url:http://www.iss.net/security_center/static/10539.php

Trust: 2.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2248

Trust: 2.1

url:about vulnerability notes

Trust: 0.8

url:contact us about this vulnerability

Trust: 0.8

url:provide a vendor statement

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1265

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1265

Trust: 0.8

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2248

Trust: 0.6

url:http://www4.itrc.hp.com/service/cki/docdisplay.do?admit=-938907319+1109257808495+28353475&docid=hpsbux01020

Trust: 0.3

url:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f51082

Trust: 0.3

sources: CERT/CC: VU#266817 // VULHUB: VHN-5650 // BID: 6103 // JVNDB: JVNDB-2002-000273 // CNNVD: CNNVD-200211-031 // NVD: CVE-2002-1265

CREDITS

Vulnerability first announced in a CERT Vulnerability Note.

Trust: 0.3

sources: BID: 6103

SOURCES

db:CERT/CCid:VU#266817
db:VULHUBid:VHN-5650
db:BIDid:6103
db:JVNDBid:JVNDB-2002-000273
db:CNNVDid:CNNVD-200211-031
db:NVDid:CVE-2002-1265

LAST UPDATE DATE

2024-11-22T22:57:15.282000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#266817date:2003-04-09T00:00:00
db:VULHUBid:VHN-5650date:2017-10-10T00:00:00
db:BIDid:6103date:2009-07-11T18:06:00
db:JVNDBid:JVNDB-2002-000273date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200211-031date:2005-05-13T00:00:00
db:NVDid:CVE-2002-1265date:2024-11-20T23:40:56.103

SOURCES RELEASE DATE

db:CERT/CCid:VU#266817date:2002-11-04T00:00:00
db:VULHUBid:VHN-5650date:2002-11-12T00:00:00
db:BIDid:6103date:2002-11-04T00:00:00
db:JVNDBid:JVNDB-2002-000273date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200211-031date:2002-11-12T00:00:00
db:NVDid:CVE-2002-1265date:2002-11-12T05:00:00