Details of VAR-200301-0017

ID

VAR-200301-0017

CVE

CVE-2002-1386

TITLE

Traceroute-Nanog Hostname Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 6274 // CNNVD: CNNVD-200301-001

DESCRIPTION

Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow local users to execute arbitrary code via a long hostname argument. Traceroute is a tool that is used to track packets in a TCP/IP network to determine the path of network connections. This vulnerability affects the Traceroute-Nanog program, written for Unix and Linux operating systems. It has been reported that a buffer overflow exists in Traceroute-Nanog. Due to insufficient bounds checking in the Traceroute-Nanog program, a user may execute the program with a hostname of arbitrary length, and cause the overwriting of stack memory within the process. This could result in the execution of attacker-supplied instructions

Trust: 1.26

sources: NVD: CVE-2002-1386 // BID: 6274 // VULHUB: VHN-5771

AFFECTED PRODUCTS

vendor:	ehud gavron	model:	tracesroute	scope:	eq	version:	6.1.1	Trust: 1.6
vendor:	ehud gavron	model:	tracesroute	scope:	eq	version:	6.0	Trust: 1.6
vendor:	ehud gavron	model:	tracesroute	scope:	eq	version:	6.1	Trust: 1.6
vendor:	ehud	model:	gavron tracesroute	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	ehud	model:	gavron tracesroute	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ehud	model:	gavron tracesroute	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 6274 // CNNVD: CNNVD-200301-001 // NVD: CVE-2002-1386

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1386
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200301-001
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5771
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1386
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5771
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5771 // CNNVD: CNNVD-200301-001 // NVD: CVE-2002-1386

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1386

THREAT TYPE

local

Trust: 0.9

sources: BID: 6274 // CNNVD: CNNVD-200301-001

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200301-001

EXTERNAL IDS

db:	BID	id:	6274	Trust: 2.0
db:	NVD	id:	CVE-2002-1386	Trust: 2.0
db:	CNNVD	id:	CNNVD-200301-001	Trust: 0.7
db:	BUGTRAQ	id:	20021128 TRACEROUTENG - NEVER ENDING STORY	Trust: 0.6
db:	DEBIAN	id:	DSA-254	Trust: 0.6
db:	XF	id:	10608	Trust: 0.6
db:	VULHUB	id:	VHN-5771	Trust: 0.1

sources: VULHUB: VHN-5771 // BID: 6274 // CNNVD: CNNVD-200301-001 // NVD: CVE-2002-1386

REFERENCES

url:	http://www.securityfocus.com/bid/6274	Trust: 1.7
url:	http://www.debian.org/security/2003/dsa-254	Trust: 1.7
url:	http://www.iss.net/security_center/static/10608.php	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=103849968732634&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=103849968732634&w=2	Trust: 0.6
url:	/archive/1/301471	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=103849968732634&w=2	Trust: 0.1

sources: VULHUB: VHN-5771 // BID: 6274 // CNNVD: CNNVD-200301-001 // NVD: CVE-2002-1386

CREDITS

Vulnerability discovery credited to Paul Starzetz <paul@starzetz.de>.

Trust: 0.9

sources: BID: 6274 // CNNVD: CNNVD-200301-001

SOURCES

db:	VULHUB	id:	VHN-5771
db:	BID	id:	6274
db:	CNNVD	id:	CNNVD-200301-001
db:	NVD	id:	CVE-2002-1386

LAST UPDATE DATE

2024-08-14T14:09:07.112000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5771	date:	2016-10-18T00:00:00
db:	BID	id:	6274	date:	2009-07-11T19:16:00
db:	CNNVD	id:	CNNVD-200301-001	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1386	date:	2016-10-18T02:26:40.883

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5771	date:	2003-01-02T00:00:00
db:	BID	id:	6274	date:	2002-11-28T00:00:00
db:	CNNVD	id:	CNNVD-200301-001	date:	2003-01-02T00:00:00
db:	NVD	id:	CVE-2002-1386	date:	2003-01-02T05:00:00