Details of VAR-200212-0524

ID

VAR-200212-0524

CVE

CVE-2002-1925

TITLE

Tiny Personal Firewall Local denial of service attacks and IP Forgery vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-808

DESCRIPTION

Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module. Reportedly, Tiny Personal Firewall is vulnerable to a denial of service condition. The vulnerability occurs when a user selects to browse the Personal Firewall Agent Logs and when the system is being portscanned. This will cause Tiny Personal Firewall to consume all CPU resources and cause the system to stop responding and eventually crash. Tiny Personal Firewall is a firewall suitable for personal computers, which can protect against network attacks, worms, Trojan horses and viruses, and can run under the Microsoft Windows operating system. 2) IP forgery and denial of service attack vulnerability: When Tiny Personal Firewall is fully configured and the firewall level is set to high, there is a problem when Tiny Personal Firewall blocks the communication whose source address is the IP address of the firewall itself, and the attacker can forge the source address Bypass firewall rules for packets to the firewall's own IP address

Trust: 1.26

sources: NVD: CVE-2002-1925 // BID: 5525 // VULHUB: VHN-6308

AFFECTED PRODUCTS

vendor:	tiny	model:	personal firewall	scope:	eq	version:	3.0.6	Trust: 1.9
vendor:	tiny	model:	personal firewall	scope:	eq	version:	3.0.5	Trust: 1.9
vendor:	tiny	model:	personal firewall	scope:	eq	version:	3.0	Trust: 1.9

sources: BID: 5525 // CNNVD: CNNVD-200212-808 // NVD: CVE-2002-1925

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1925
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200212-808
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-6308
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1925
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6308
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6308 // CNNVD: CNNVD-200212-808 // NVD: CVE-2002-1925

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1925

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-808

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200212-808

EXTERNAL IDS

db:	BID	id:	5525	Trust: 2.0
db:	NVD	id:	CVE-2002-1925	Trust: 1.7
db:	CNNVD	id:	CNNVD-200212-808	Trust: 0.7
db:	XF	id:	9918	Trust: 0.6
db:	NSFOCUS	id:	3334	Trust: 0.6
db:	BUGTRAQ	id:	20020820 NSSI-2002-TPFW: TINY PERSONAL FIREWALL 3.0 DENIAL OF SERVICE VULNERABILITIES	Trust: 0.6
db:	VULHUB	id:	VHN-6308	Trust: 0.1

sources: VULHUB: VHN-6308 // BID: 5525 // CNNVD: CNNVD-200212-808 // NVD: CVE-2002-1925

REFERENCES

url:	http://www.securityfocus.com/bid/5525	Trust: 1.7
url:	http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00298.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/9918.php	Trust: 1.7
url:	http://www.nsfocus.net/vulndb/3334	Trust: 0.6
url:	http://www.tinysoftware.com/home/tiny?s=7741043568395572227a0&&pg=tpf_summary	Trust: 0.3

sources: VULHUB: VHN-6308 // BID: 5525 // CNNVD: CNNVD-200212-808 // NVD: CVE-2002-1925

CREDITS

Aaron Lu※ b45h3r@techie.com

Trust: 0.6

sources: CNNVD: CNNVD-200212-808

SOURCES

db:	VULHUB	id:	VHN-6308
db:	BID	id:	5525
db:	CNNVD	id:	CNNVD-200212-808
db:	NVD	id:	CVE-2002-1925

LAST UPDATE DATE

2024-08-14T14:42:23.688000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6308	date:	2008-09-05T00:00:00
db:	BID	id:	5525	date:	2002-08-20T00:00:00
db:	CNNVD	id:	CNNVD-200212-808	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1925	date:	2008-09-05T20:31:52.340

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6308	date:	2002-12-31T00:00:00
db:	BID	id:	5525	date:	2002-08-20T00:00:00
db:	CNNVD	id:	CNNVD-200212-808	date:	2002-08-20T00:00:00
db:	NVD	id:	CVE-2002-1925	date:	2002-12-31T05:00:00