Vulnerability Details CVE-2002-0666
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 82.5%
CVSS Severity
CVSS v2 Score 5.0
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc
- http://razor.bindview.com/publish/advisories/adv_ipsec.html
- http://www.debian.org/security/2002/dsa-201
- http://www.iss.net/security_center/static/10411.php
- http://www.kb.cert.org/vuls/id/459371
- http://www.securityfocus.com/bid/6011
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc
- http://razor.bindview.com/publish/advisories/adv_ipsec.html
- http://www.debian.org/security/2002/dsa-201
- http://www.iss.net/security_center/static/10411.php
- http://www.kb.cert.org/vuls/id/459371
- http://www.securityfocus.com/bid/6011
Products affected by CVE-2002-0666
-
cpe:2.3:a:frees_wan:frees_wan:1.9
-
cpe:2.3:a:frees_wan:frees_wan:1.9.1
-
cpe:2.3:a:frees_wan:frees_wan:1.9.2
-
cpe:2.3:a:frees_wan:frees_wan:1.9.3
-
cpe:2.3:a:frees_wan:frees_wan:1.9.4
-
cpe:2.3:a:frees_wan:frees_wan:1.9.5
-
cpe:2.3:a:frees_wan:frees_wan:1.9.6
-
cpe:2.3:h:global_technology_associates:gnat_box_firmware:3.1
-
cpe:2.3:h:global_technology_associates:gnat_box_firmware:3.2
-
cpe:2.3:h:global_technology_associates:gnat_box_firmware:3.3
-
cpe:2.3:h:nec:bluefire_ix1035_router:-
-
cpe:2.3:h:nec:ix1010:-
-
cpe:2.3:h:nec:ix1011:-
-
cpe:2.3:h:nec:ix1020:-
-
cpe:2.3:h:nec:ix1050:-
-
cpe:2.3:h:nec:ix2010:-
-
cpe:2.3:o:apple:mac_os_x:10.2
-
cpe:2.3:o:apple:mac_os_x_server:10.2
-
cpe:2.3:o:freebsd:freebsd:4.6
-
cpe:2.3:o:netbsd:netbsd:1.5
-
cpe:2.3:o:netbsd:netbsd:1.5.1
-
cpe:2.3:o:netbsd:netbsd:1.5.2
-
cpe:2.3:o:netbsd:netbsd:1.5.3
-
cpe:2.3:o:netbsd:netbsd:1.6