Vulnerability Name:

CVE-2002-0666 (CCN-10411)

Assigned:2002-10-17
Published:2002-10-17
Updated:2008-09-10
Summary:IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: NETBSD
Type: UNKNOWN
NetBSD-SA2002-016

Source: CCN
Type: NetBSD Security Advisory NetBSD-SA2002-016
Insufficient length check in ESP authentication data

Source: MITRE
Type: CNA
CVE-2002-0666

Source: BINDVIEW
Type: Vendor Advisory
20021018 Denial of Service in IPSEC implementations

Source: CCN
Type: BindView RAZOR Security Advisory, October 18, 2002
Denial of Service in IPSEC implementations

Source: DEBIAN
Type: UNKNOWN
DSA-201

Source: DEBIAN
Type: DSA-201
freeswan -- denial of service

Source: CCN
Type: FreeBSD Web site
CVS log for src/sys/netinet6/esp_input.c

Source: XF
Type: Vendor Advisory
ipsec-packet-integer-overflow(10411)

Source: CCN
Type: US-CERT VU#459371
Multiple IPsec implementations do not adequately validate authentication data

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#459371

Source: CCN
Type: OSVDB ID: 7410
FreeS/WAN IPSEC Implementations Spoofed ESP Packet DoS

Source: CCN
Type: OSVDB ID: 74934
KAME IPSEC Implementations Spoofed ESP Packet DoS

Source: BID
Type: UNKNOWN
6011

Source: CCN
Type: BID-6011
Multiple Vendor IPSec Implementation Denial of Service Vulnerabilities

Source: XF
Type: UNKNOWN
ipsec-packet-integer-overflow(10411)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:frees_wan:frees_wan:1.9:*:*:*:*:*:*:*
  • OR cpe:/a:frees_wan:frees_wan:1.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:frees_wan:frees_wan:1.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:frees_wan:frees_wan:1.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:frees_wan:frees_wan:1.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:frees_wan:frees_wan:1.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:frees_wan:frees_wan:1.9.6:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.6:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.6:release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5:*:sh3:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5:*:x86:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.6:beta:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/h:global_technology_associates:gnat_box_firmware:3.1:*:*:*:*:*:*:*
  • OR cpe:/h:global_technology_associates:gnat_box_firmware:3.2:*:*:*:*:*:*:*
  • OR cpe:/h:global_technology_associates:gnat_box_firmware:3.3:*:*:*:*:*:*:*
  • OR cpe:/h:nec:bluefire_ix1035_router:*:*:*:*:*:*:*:*
  • OR cpe:/h:nec:ix1010:*:*:*:*:*:*:*:*
  • OR cpe:/h:nec:ix1011:*:*:*:*:*:*:*:*
  • OR cpe:/h:nec:ix1020:*:*:*:*:*:*:*:*
  • OR cpe:/h:nec:ix1050:*:*:*:*:*:*:*:*
  • OR cpe:/h:nec:ix2010:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:windriver:bsdos:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.3:-:*:*:*:*:*:*
  • OR cpe:/o:windriver:bsdos:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.4:-:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.5:-:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.6:-:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.6:beta:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.6.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.6.2:-:*:*:*:*:*:*
  • OR cpe:/o:windriver:bsdos:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:bsdos:5.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:201
    V
    		denial of service
    2002-12-02
    BACK
    frees_wan frees wan 1.9
    frees_wan frees wan 1.9.1
    frees_wan frees wan 1.9.2
    frees_wan frees wan 1.9.3
    frees_wan frees wan 1.9.4
    frees_wan frees wan 1.9.5
    frees_wan frees wan 1.9.6
    apple mac os x 10.2
    apple mac os x server 10.2
    freebsd freebsd 4.6
    freebsd freebsd 4.6 release
    freebsd freebsd 4.6 stable
    netbsd netbsd 1.5
    netbsd netbsd 1.5
    netbsd netbsd 1.5
    netbsd netbsd 1.5.1
    netbsd netbsd 1.5.2
    netbsd netbsd 1.5.3
    netbsd netbsd 1.6 beta
    global_technology_associates gnat box firmware 3.1
    global_technology_associates gnat box firmware 3.2
    global_technology_associates gnat box firmware 3.3
    nec bluefire ix1035 router *
    nec ix1010 *
    nec ix1011 *
    nec ix1020 *
    nec ix1050 *
    nec ix2010 *
    windriver bsdos 4.3.1
    freebsd freebsd 4.0
    freebsd freebsd 4.1.1
    freebsd freebsd 4.1
    netbsd netbsd 1.5
    freebsd freebsd 4.2
    freebsd freebsd 4.3 -
    windriver bsdos 4.2
    netbsd netbsd 1.5.1
    freebsd freebsd 4.4 -
    netbsd netbsd 1.5.2
    freebsd freebsd 4.5 -
    debian debian linux 3.0
    freebsd freebsd 4.6 -
    netbsd netbsd 1.6 beta
    freebsd freebsd 4.6.1
    netbsd netbsd 1.5.3
    apple mac os x 10.2
    apple mac os x server 10.2
    freebsd freebsd 4.6.2 -
    windriver bsdos 4.3.1
    windriver bsdos 5.0