5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.033 Low
EPSS
Percentile
91.4%
IPsec implementations from multiple vendors do not adequately validate the authentication data in IPsec packets, exposing vulnerable systems to a denial of service.
For background:
* [RFC 2401](<http://www.ietf.org/rfc/rfc2401.txt>) Security Architecture for the Internet Protocol
* [RFC 2402](<http://www.ietf.org/rfc/rfc2402.txt>) IP Authentication Header
* [RFC 2406](<http://www.ietf.org/rfc/rfc2406.txt>) IP Encapsulating Security Payload
IPsec supports integrity and authentication for IP traffic by including a cryptographic checksum in each IPsec datagram. This authentication data is compared to the Integrity Check Value (ICV) that is calculated by the recipient. If the values match, the datagram is considered valid.
BindView RAZOR has reported a vulnerability that exists in KAME (FreeBSD, NetBSD), FreeS/WAN (Linux), and possibly other IPsec implementations. While processing an IPsec datagram, vulnerable implementations do not properly calculate the length of the authentication data field for very small datagrams, resulting in an unsigned integer overflow. The ICV is then calculated for an overly large range of memory, which could cause a kernel panic on vulnerable systems.
A remote attacker could crash a vulnerable system with a specially crafted IPsec packet. The attacker would need to supply the source and destination IP addresses, the Security Parameters Index (SPI), and a suitably large sequence number. All of this information is transmitted in plain text.
Upgrade or Apply a Patch
Upgrade or apply a patch as specified by your vendor(s).
Restrict Access
When possible, restrict access to IPsec hosts and gateways. Note that this will not prevent attacks, it will only limit the number of potential sources.
459371
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: August 20, 2002 Updated: October 15, 2002
Affected
Vulnerable systems:
Mac OS X 10.2
Mac OS X Server 10.2
Fixed in:
Mac OS X 10.2.1
Mac OS X Server 10.2.1
Software updates are available from the “Software Update” pane in System Preferences or from the Apple Software Downloads site:
Mac OS X Update 10.2.1
<http://docs.info.apple.com/article.html?artnum=120147>Mac OS X Server Update 10.2.1
<http://docs.info.apple.com/article.html?artnum=120149>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 20, 2002 Updated: December 11, 2002
Affected
Please see Debian Security Advisory DSA-201.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: October 15, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
This vulnerability has been addressed in FreeBSD 4.7-RELEASE:
<http://www.FreeBSD.org/cgi/cvsweb.cgi/src/sys/netinet6/esp_input.c#rev1.1.2.7>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 20, 2002 Updated: December 02, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
FreeS/WAN 1.99 appears to address this issue:
[<http://www.freeswan.org/freeswan_trees/freeswan-1.99/CHANGES>]
“ESP (and AH, IPCOMP) potential DOS fix.”
[/klips/net/ipsec/ipsec_rcv.c]
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Updated: October 17, 2002
Affected
After analyzing the IPSec issue described in VU#459371 Global Technology Associates, Inc. has determined that GTA firewall products running GNAT Box system software version prior to version 3.3.1 are vulnerable to this attack. GTA has released system software updates to correct this vulnerability.
For users with systems running GNAT Box system software version 3.3.0 a system software update version 3.3.1 is available from GTA’s Online Support Center.
For users with systems running GNAT Box system software version 3.2.x a system software update version 3.2.6 is available from GTA’s Online Support Center.
For users with systems running GNAT Box system software version 3.1.x or earlier no software update is available. Users should either upgrade to version 3.3.1 or add Remote Access filters to restrict access to designated remote VPN gateways.
To report potential security vulnerabilities in GTA products, send an E-mail message to: [email protected].
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: December 11, 2002
Affected
The AIX operating system is vulnerable to the IPSec issues in releases 4.3.3, 5.1.0 and 5.2.0. Temporary patches are available through an efix package. The efix is available at the following URL:
<ftp://ftp.software.ibm.com/aix/efixes/security/ipsec_efix.tar.Z>
The following APARs will be available in the near future:
AIX 4.3.3 APAR IY37800 (available approx 1/29/03)
AIX 5.1.0 APAR IY37069 (available approx 12/18/02)
AIX 5.2.0 APAR IY37182 (available approx 4/28/03)
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: October 15, 2002 Updated: December 11, 2002
Affected
IIJ SEIL/neu routers
Firmware prior to 1.63 are vulnerable to this problem. Upgrade to firmware 1.63 or later (available at <http://www.seil-neu.com/>). If you do are not using IPsec, you are not affected, however, we suggest you to upgrade the firmware in any case.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: October 15, 2002
Affected
all past KAME-based implementations are vulnerable. which includes:
MacOS 10.2
BSDi/WindRiver BSD/OS 4.2 and beyond
NetBSD 1.5 and beyond
FreeBSD 4.0 and beyond
and probably (if they enable IPsec)
Juniper JunOS
Extreme Networks ExtremeWare
WindRiver VxWorks
Hitachi GR2000 router [CommWorks Total Control 100]
Fujitsu GeoStream 920/940 router
NEC IX5000
IIJ SEIL
the problem has corrected on kame tree on 2002/08/21.
The vendor has not provided us with any further information regarding this vulnerability.
For authoritative statements, please reference specific vendor records.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: December 11, 2002
Affected
sent on December 4, 2002
[Router Products]
* IX 5000 Series
- is NOT vulnerable.
* IX 1000 / 2000 Series (IX1010, IX1011, IX1020, IX1050, Bluefire IX1035 and IX2010)
- is vulnerable in the case of Version 4.1 or prior. The exploitation is possible only when IPsec is enabled.
- Fixed verion is 4.2.13 or greater.
- To get fixed software, please contact to: <>
- More information (in Japanese): <>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: October 22, 2002
Affected
See NetBSD security advisory SA2002-016.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: October 11, 2002 Updated: October 15, 2002
Affected
eSoft InstaGate is only vulnerable to this denial of service attack if the attacker knows both the IP address of a tunnel endpoint and the SPI value for that tunnel. A patch is available through eSoft’s SoftPak Director.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: October 15, 2002
Not Affected
In relation to this CERT advisory on security vulnerability in IPsec implementations, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. An initial analysis has shown that none of our products is affected when used as delivered to customers. In particular, the OmniAccess 210, 250, 512 and OmniPCX Office are not affected.
Customers may contact their Alcatel support representative for more details. The security of our customers’ networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential security vulnerabilities in our products using IPsec technology and will provide updates if necessary.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: December 11, 2002
Not Affected
Avaya VPN products, including the VPN Service Unit (VSU) Series of VPN Gateways as well as the VPNremote desktop VPN client software, do not exhibit this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: October 10, 2002 Updated: October 18, 2002
Not Affected
We have determined that no BorderWare products are vulnerable to the attacks described in VU#459371.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 20, 2002 Updated: October 21, 2002
Not Affected
Cisco products are not vulnerable to this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 22, 2002
Not Affected
Clavister Firewall with VPN module: Not vulnerable.
Clavister VPN Client: Not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 20, 2002 Updated: October 15, 2002
Not Affected
Cray, Inc. is not vulnerable as we provide no software that performs this type of function.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 20, 2002 Updated: October 15, 2002
Not Affected
SOURCE: Hewlett-Packard Company and Compaq Computer Corporation, a wholly-owned subsidiary of Hewlett-Packard Company
RE: x-reference SSRT2326 IPSEC
Not Vulnerable:
HP-UX
HP-MPE/ix
HP Tru64 UNIX
HP NonStop Servers
HP OpenVMS
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 27, 2002 Updated: October 15, 2002
Not Affected
We’ve checked up on our router (Hitachi,Ltd. GR2000 series) about VU#459371. Our IPsec implemantation is NOT vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: October 11, 2002 Updated: October 18, 2002
Not Affected
Intoto analyzed iGateway AH and ESP implementation for the DoS threat published in VU#459371, and found that iGateway is not vulnerable to this DoS attack.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: September 09, 2002 Updated: October 15, 2002
Not Affected
The Edge Switching and Routing products (specifically, the B-STDX 9000, CBX500, GX550, PSAX family and Springtide family) are not vulnerable to VU 459371.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: October 17, 2002
Not Affected
Microsoft has conducted a thorough investigation based on this report. Microsoft products are not affected by this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: October 21, 2002
Not Affected
MontaVista does not ship any IPSec applications, thus this is not applicable to us. We are not vulnerable to vu459371.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 27, 2002 Updated: August 29, 2002
Not Affected
NetScreen’s Global PRO family of network management applications does not use IPSec and is not vulnerable to the issues raised in VU#459371.
NetScreen has determined that ScreenOS, the operating software for NetScreen security devices, is not vulnerable to the issues raised in VU#459371.
The IPSec implementation in the NetScreen Remote family of VPN and security clients has been examined and NetScreen has determined that it is not vulnerable to the issues raised in VU#459371.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: October 10, 2002 Updated: October 15, 2002
Not Affected
NetApp products are not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: December 11, 2002
Not Affected
The following Nortel Networks products implement IPsec but are not affected by the vulnerabilities noted in VU#459371:
The Preside Multi-Service Data Manager (MDM) is not affected.
There are no issues with the Contivity Platform, this includes the:
Contivity 600/1500/1600/2000/2500/2600/4500/4600
Contivity 1010/1050/1100
Contivity 1700/2700
Contivity software releases 3.5 and beyond including the Contivity VPN Client
The Shasta 5000 Broadband Services Node is not affected.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: October 21, 2002
Not Affected
Openwall GNU/*/Linux is not vulnerable. We don’t yet support IPsec.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: December 11, 2002
Not Affected
1. CERT/CC Vulnerability Note VU#459371
=======================================
Multiple IPSec implementations do not adequately validate
authentication data:
CERT/CC has announced a new vulnerability on IPSec (see the
"Vulnerability Note VU#459371" referred). Based on our review, SSH
IPSEC Express Toolkit 4.x/5.x and SSH QuickSec Toolkit 1.x are not
vulnerable to the attack described. The sanity check relevant for
this functionality is located in the transform code of the IPSec
packet processing.
More information can be found at:
<http://www.kb.cert.org/vuls/id/459371>
This vulnerability has been assigned CAN-2002-0666 by CVE.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 20, 2002 Updated: October 15, 2002
Not Affected
SafeNet’s VPN clients are not susceptible to this vulerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 20, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 20, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: October 11, 2002 Updated: October 15, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 20, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: December 11, 2002 Updated: December 11, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 20, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 20, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 20, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
Notified: August 21, 2002 Updated: August 29, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).
View all 52 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
The CERT/CC thanks Todd Sabin of BindView RAZOR for discovering and reporting this issue.
This document was written by Art Manion.
CVE IDs: | CVE-2002-0666 |
---|---|
Severity Metric: | 5.14 Date Public: |