Vulnerability Description
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Frees Wan | Frees Wan | 1.9 |
| Apple | Mac Os X | 10.2 |
| Apple | Mac Os X Server | 10.2 |
| Freebsd | Freebsd | 4.6 |
| Netbsd | Netbsd | 1.5 |
| Global Technology Associates | Gnat Box Firmware | 3.1 |
| Nec | Bluefire Ix1035 Router | All versions |
| Nec | Ix1010 | All versions |
| Nec | Ix1011 | All versions |
| Nec | Ix1020 | All versions |
| Nec | Ix1050 | All versions |
| Nec | Ix2010 | All versions |
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc
- http://razor.bindview.com/publish/advisories/adv_ipsec.htmlVendor Advisory
- http://www.debian.org/security/2002/dsa-201
- http://www.iss.net/security_center/static/10411.phpVendor Advisory
- http://www.kb.cert.org/vuls/id/459371Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/6011
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc
- http://razor.bindview.com/publish/advisories/adv_ipsec.htmlVendor Advisory
- http://www.debian.org/security/2002/dsa-201
- http://www.iss.net/security_center/static/10411.phpVendor Advisory
- http://www.kb.cert.org/vuls/id/459371Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/6011
FAQ
What is CVE-2002-0666?
CVE-2002-0666 is a vulnerability with a CVSS score of 5.0 (MEDIUM). IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via sp...
How severe is CVE-2002-0666?
CVE-2002-0666 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0666?
Check the references section above for vendor advisories and patch information. Affected products include: Frees Wan Frees Wan, Apple Mac Os X, Apple Mac Os X Server, Freebsd Freebsd, Netbsd Netbsd.