Details of VAR-200301-0018

ID

VAR-200301-0018

CVE

CVE-2002-1387

TITLE

Traceroute-Nanog Spray Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 6275 // CNNVD: CNNVD-200301-002

DESCRIPTION

The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array index overflow using the nprobes (number of probes) argument. Traceroute is a tool that is used to track packets in a TCP/IP network to determine the path of network connections. This vulnerability affects the Traceroute-Nanog program, written for Unix and Linux operating systems. It has been reported that a buffer overflow exists in Traceroute-Nanog. Due to insufficient bounds checking in the Traceroute-Nanog program, a user may execute the program with a spray packets amount of excessive size, and cause the overwriting of stack memory within the process. This could result in the execution of attacker-supplied instructions. The spray mode in traceroute-nanog (also known as traceroute-ng) is vulnerable

Trust: 1.26

sources: NVD: CVE-2002-1387 // BID: 6275 // VULHUB: VHN-5772

AFFECTED PRODUCTS

vendor:	ehud gavron	model:	tracesroute	scope:	eq	version:	6.1.1	Trust: 1.6
vendor:	ehud gavron	model:	tracesroute	scope:	eq	version:	6.0	Trust: 1.6
vendor:	ehud gavron	model:	tracesroute	scope:	eq	version:	6.1	Trust: 1.6
vendor:	ehud	model:	gavron tracesroute	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	ehud	model:	gavron tracesroute	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ehud	model:	gavron tracesroute	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 6275 // CNNVD: CNNVD-200301-002 // NVD: CVE-2002-1387

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1387
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200301-002
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5772
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1387
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5772
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5772 // CNNVD: CNNVD-200301-002 // NVD: CVE-2002-1387

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1387

THREAT TYPE

local

Trust: 0.9

sources: BID: 6275 // CNNVD: CNNVD-200301-002

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200301-002

EXTERNAL IDS

db:	NVD	id:	CVE-2002-1387	Trust: 2.0
db:	CNNVD	id:	CNNVD-200301-002	Trust: 0.7
db:	BUGTRAQ	id:	20021128 TRACEROUTENG - NEVER ENDING STORY	Trust: 0.6
db:	BID	id:	6275	Trust: 0.4
db:	VULHUB	id:	VHN-5772	Trust: 0.1

sources: VULHUB: VHN-5772 // BID: 6275 // CNNVD: CNNVD-200301-002 // NVD: CVE-2002-1387

REFERENCES

url:	http://marc.info/?l=bugtraq&m=103849968732634&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=103849968732634&w=2	Trust: 0.6
url:	/archive/1/301471	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=103849968732634&w=2	Trust: 0.1

sources: VULHUB: VHN-5772 // BID: 6275 // CNNVD: CNNVD-200301-002 // NVD: CVE-2002-1387

CREDITS

Vulnerability discovery credited to Paul Starzetz <paul@starzetz.de>.

Trust: 0.9

sources: BID: 6275 // CNNVD: CNNVD-200301-002

SOURCES

db:	VULHUB	id:	VHN-5772
db:	BID	id:	6275
db:	CNNVD	id:	CNNVD-200301-002
db:	NVD	id:	CVE-2002-1387

LAST UPDATE DATE

2024-08-14T14:09:07.087000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5772	date:	2016-10-18T00:00:00
db:	BID	id:	6275	date:	2009-07-11T19:16:00
db:	CNNVD	id:	CNNVD-200301-002	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1387	date:	2016-10-18T02:26:42.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5772	date:	2003-01-02T00:00:00
db:	BID	id:	6275	date:	2002-11-28T00:00:00
db:	CNNVD	id:	CNNVD-200301-002	date:	2003-01-02T00:00:00
db:	NVD	id:	CVE-2002-1387	date:	2003-01-02T05:00:00