Vulnerability Details CVE-2002-1500
Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET().
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.7%
CVSS Severity
CVSS v2 Score 7.2
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-014.txt.asc
- http://www.iss.net/security_center/static/10114.php
- http://www.securityfocus.com/bid/5727
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-014.txt.asc
- http://www.iss.net/security_center/static/10114.php
- http://www.securityfocus.com/bid/5727
Products affected by CVE-2002-1500
-
cpe:2.3:o:netbsd:netbsd:1.4
-
cpe:2.3:o:netbsd:netbsd:1.4.1
-
cpe:2.3:o:netbsd:netbsd:1.4.2
-
cpe:2.3:o:netbsd:netbsd:1.4.3
-
cpe:2.3:o:netbsd:netbsd:1.5
-
cpe:2.3:o:netbsd:netbsd:1.5.1
-
cpe:2.3:o:netbsd:netbsd:1.5.2
-
cpe:2.3:o:netbsd:netbsd:1.5.3