Sign-up

ID

VAR-200211-0071


CVE

CVE-2002-0666


TITLE

Multiple IPsec implementations do not adequately validate authentication data

Trust: 0.8

sources: CERT/CC: VU#459371

DESCRIPTION

IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors. IPsec implementations from multiple vendors do not adequately validate the authentication data in IPsec packets, exposing vulnerable systems to a denial of service. IBM AIX In IPSec of esp4_input() There is a vulnerability in the function that does not properly check the integrity of authentication data.There is a possibility of a kernel panic condition. A vulnerability in several implementations of IPSec related to handling of malformed ESP packets has been reported. On several systems, the conditions may be exploited to cause kernel panics. IPSEC is a set of IP security extensions that provide verification and encryption functions. It includes two types of packets, ESP and AH, represented by IP protocols 50 and 51 respectively. Several IPSec implementations have a vulnerability. Remote attackers can exploit this vulnerability to conduct denial of service attacks

Trust: 2.7

sources: NVD: CVE-2002-0666 // CERT/CC: VU#459371 // JVNDB: JVNDB-2002-000311 // BID: 6011 // VULHUB: VHN-5057

AFFECTED PRODUCTS

vendor:frees wanmodel:frees wanscope:eqversion:1.9.5

Trust: 1.6

vendor:frees wanmodel:frees wanscope:eqversion:1.9.1

Trust: 1.6

vendor:frees wanmodel:frees wanscope:eqversion:1.9.4

Trust: 1.6

vendor:frees wanmodel:frees wanscope:eqversion:1.9.2

Trust: 1.6

vendor:frees wanmodel:frees wanscope:eqversion:1.9

Trust: 1.6

vendor:frees wanmodel:frees wanscope:eqversion:1.9.6

Trust: 1.6

vendor:frees wanmodel:frees wanscope:eqversion:1.9.3

Trust: 1.6

vendor:netbsdmodel:netbsdscope:eqversion:1.6

Trust: 1.3

vendor:netbsdmodel:netbsdscope:eqversion:1.5.3

Trust: 1.3

vendor:netbsdmodel:netbsdscope:eqversion:1.5.2

Trust: 1.3

vendor:netbsdmodel:netbsdscope:eqversion:1.5.1

Trust: 1.3

vendor:netbsdmodel:netbsdscope:eqversion:1.5

Trust: 1.3

vendor:freebsdmodel:freebsdscope:eqversion:4.6

Trust: 1.3

vendor:ibmmodel:aixscope:eqversion:5.2

Trust: 1.1

vendor:ibmmodel:aixscope:eqversion:5.1

Trust: 1.1

vendor:necmodel:ix1050scope:eqversion:*

Trust: 1.0

vendor:necmodel:ix1011scope:eqversion:*

Trust: 1.0

vendor:necmodel:ix1020scope:eqversion:*

Trust: 1.0

vendor:necmodel:ix2010scope:eqversion:*

Trust: 1.0

vendor:global associatesmodel:gnat boxscope:eqversion:3.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2

Trust: 1.0

vendor:global associatesmodel:gnat boxscope:eqversion:3.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2

Trust: 1.0

vendor:necmodel:ix1010scope:eqversion:*

Trust: 1.0

vendor:global associatesmodel:gnat boxscope:eqversion:3.1

Trust: 1.0

vendor:necmodel:bluefire ix1035 routerscope:eqversion:*

Trust: 1.0

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:debianmodel: - scope: - version: -

Trust: 0.8

vendor:freebsdmodel: - scope: - version: -

Trust: 0.8

vendor:frees wanmodel: - scope: - version: -

Trust: 0.8

vendor:global associatesmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:internet initiative iijmodel: - scope: - version: -

Trust: 0.8

vendor:kamemodel: - scope: - version: -

Trust: 0.8

vendor:necmodel: - scope: - version: -

Trust: 0.8

vendor:netbsdmodel: - scope: - version: -

Trust: 0.8

vendor:esoftmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel:aixscope:eqversion:4.3

Trust: 0.8

vendor:netbsdmodel:betascope:eqversion:1.6

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:1.5x86

Trust: 0.3

vendor:netbsdmodel:sh3scope:eqversion:1.5

Trust: 0.3

vendor:necmodel:ix2010scope: - version: -

Trust: 0.3

vendor:necmodel:ix1050scope: - version: -

Trust: 0.3

vendor:necmodel:ix1020scope: - version: -

Trust: 0.3

vendor:necmodel:ix1011scope: - version: -

Trust: 0.3

vendor:necmodel:ix1010scope: - version: -

Trust: 0.3

vendor:necmodel:bluefire ix1035scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:4.3.3

Trust: 0.3

vendor:globalmodel:technology associates gnat boxscope:eqversion:3.3

Trust: 0.3

vendor:globalmodel:technology associates gnat boxscope:eqversion:3.2

Trust: 0.3

vendor:globalmodel:technology associates gnat boxscope:eqversion:3.1

Trust: 0.3

vendor:frees wanmodel:frees/wanscope:eqversion:1.9.6

Trust: 0.3

vendor:frees wanmodel:frees/wanscope:eqversion:1.9.5

Trust: 0.3

vendor:frees wanmodel:frees/wanscope:eqversion:1.9.4

Trust: 0.3

vendor:frees wanmodel:frees/wanscope:eqversion:1.9.3

Trust: 0.3

vendor:frees wanmodel:frees/wanscope:eqversion:1.9.2

Trust: 0.3

vendor:frees wanmodel:frees/wanscope:eqversion:1.9.1

Trust: 0.3

vendor:frees wanmodel:frees/wanscope:eqversion:1.9

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.6

Trust: 0.3

vendor:esoftmodel:instagate xsp businessscope: - version: -

Trust: 0.3

vendor:esoftmodel:instagate xsp branchscope: - version: -

Trust: 0.3

vendor:esoftmodel:instagate proscope: - version: -

Trust: 0.3

vendor:bsdimodel:bsd/osscope:eqversion:4.3

Trust: 0.3

vendor:bsdimodel:bsd/osscope:eqversion:4.2

Trust: 0.3

vendor:astaromodel:security linuxscope:eqversion:3.210

Trust: 0.3

vendor:astaromodel:security linuxscope:eqversion:3.200

Trust: 0.3

vendor:astaromodel:security linuxscope:eqversion:2.030

Trust: 0.3

vendor:astaromodel:security linuxscope:eqversion:2.027

Trust: 0.3

vendor:astaromodel:security linuxscope:eqversion:2.026

Trust: 0.3

vendor:astaromodel:security linuxscope:eqversion:2.025

Trust: 0.3

vendor:astaromodel:security linuxscope:eqversion:2.024

Trust: 0.3

vendor:astaromodel:security linuxscope:eqversion:2.023

Trust: 0.3

vendor:astaromodel:security linuxscope:eqversion:2.016

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:astaromodel:security linuxscope:neversion:3.211

Trust: 0.3

sources: CERT/CC: VU#459371 // BID: 6011 // JVNDB: JVNDB-2002-000311 // CNNVD: CNNVD-200211-002 // NVD: CVE-2002-0666

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0666
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#459371
value: 5.14

Trust: 0.8

NVD: CVE-2002-0666
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200211-002
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5057
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-0666
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-5057
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#459371 // VULHUB: VHN-5057 // JVNDB: JVNDB-2002-000311 // CNNVD: CNNVD-200211-002 // NVD: CVE-2002-0666

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0666

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200211-002

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200211-002

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2002-000311

PATCH
title:Top Pageurl:http://www.ibm.com/jp/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2002-000311

EXTERNAL IDS
db:CERT/CCid:VU#459371
Trust: 3.6
db:NVDid:CVE-2002-0666
Trust: 2.8
db:BIDid:6011
Trust: 2.8
db:JVNDBid:JVNDB-2002-000311
Trust: 0.8
db:CNNVDid:CNNVD-200211-002
Trust: 0.7
db:BINDVIEWid:20021018 DENIAL OF SERVICE IN IPSEC IMPLEMENTATIONS
Trust: 0.6
db:NETBSDid:NETBSD-SA2002-016
Trust: 0.6
db:DEBIANid:DSA-201
Trust: 0.6
db:XFid:10411
Trust: 0.6
db:VULHUBid:VHN-5057
Trust: 0.1
sources:
            
            
            CERT/CC: VU#459371 // 
            
            
            
            VULHUB: VHN-5057 // 
            
            
            
            BID: 6011 // 
            
            
            
            JVNDB: JVNDB-2002-000311 // 
            
            
            
            CNNVD: CNNVD-200211-002 // 
            
            
            
            NVD: CVE-2002-0666

REFERENCES
url:http://razor.bindview.com/publish/advisories/adv_ipsec.html
Trust: 2.8
url:http://www.kb.cert.org/vuls/id/459371
Trust: 2.8
url:http://www.securityfocus.com/bid/6011
Trust: 2.5
url:http://www.debian.org/security/2002/dsa-201
Trust: 1.7
url:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2002-016.txt.asc
Trust: 1.7
url:http://www.iss.net/security_center/static/10411.php
Trust: 1.7
url:http://www.ietf.org/rfc/rfc2401.txt
Trust: 0.8
url:http://www.ietf.org/rfc/rfc2402.txt
Trust: 0.8
url:http://www.ietf.org/rfc/rfc2406.txt
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0666
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0666
Trust: 0.8
url:http://www.astaro.org/cgi/ultimatebb.cgi?ubb=get_topic;f=1;t=000137
Trust: 0.3
sources:
            
            
            CERT/CC: VU#459371 // 
            
            
            
            VULHUB: VHN-5057 // 
            
            
            
            BID: 6011 // 
            
            
            
            JVNDB: JVNDB-2002-000311 // 
            
            
            
            CNNVD: CNNVD-200211-002 // 
            
            
            
            NVD: CVE-2002-0666

CREDITS
Todd Sabin of Bindview.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200211-002

SOURCES
db:CERT/CCid:VU#459371
db:VULHUBid:VHN-5057
db:BIDid:6011
db:JVNDBid:JVNDB-2002-000311
db:CNNVDid:CNNVD-200211-002
db:NVDid:CVE-2002-0666

LAST UPDATE DATE
2024-08-14T14:42:24.276000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#459371date:2003-01-06T00:00:00
db:VULHUBid:VHN-5057date:2008-09-10T00:00:00
db:BIDid:6011date:2009-07-11T18:06:00
db:JVNDBid:JVNDB-2002-000311date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200211-002date:2012-11-30T00:00:00
db:NVDid:CVE-2002-0666date:2008-09-10T19:12:40.867

SOURCES RELEASE DATE
db:CERT/CCid:VU#459371date:2002-10-17T00:00:00
db:VULHUBid:VHN-5057date:2002-11-04T00:00:00
db:BIDid:6011date:2002-10-19T00:00:00
db:JVNDBid:JVNDB-2002-000311date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200211-002date:2002-10-19T00:00:00
db:NVDid:CVE-2002-0666date:2002-11-04T05:00:00