Lucene search

[email protected]CVE-2002-0884

HistoryOct 04, 2002 - 4:00 a.m.

CVE-2002-0884

2002-10-0404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

format string

vulnerability

in.rarpd

arp server

solaris

unixware

open unix

remote code execution

nvd

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.5%

JSON

Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error.

CPENameOperatorVersion
caldera:unixwarecaldera unixwareeq7.1.1
sun:sunossun sunoseq5.7
sun:sunossun sunoseq5.8
caldera:openunixcaldera openunixeq8.0

CPE	Name	Operator	Version
caldera:unixware	caldera unixware	eq	7.1.1
sun:sunos	sun sunos	eq	5.7
sun:sunos	sun sunos	eq	5.8
caldera:openunix	caldera openunix	eq	8.0

References

ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt

archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html

online.securityfocus.com/archive/1/273584

www.iss.net/security_center/static/9150.php

www.securityfocus.com/bid/4791

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.5%

JSON