| Vulnerability Name: | CVE-2002-0973 (CCN-9903) | ||||||||
| Assigned: | 2002-08-19 | ||||||||
| Published: | 2002-08-19 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-02:38.signed-error Boundary checking errors involving signed integers Source: MITRE Type: CNA CVE-2002-0973 Source: FREEBSD Type: UNKNOWN FreeBSD-SA-02:38 Source: XF Type: UNKNOWN freebsd-negative-system-call-bo(9903) Source: CCN Type: OSVDB ID: 6045 FreeBSD Multiple System Call Integer Signedness Memory Access Source: BID Type: UNKNOWN 5493 Source: CCN Type: BID-5493 FreeBSD System Call Signed Integer Buffer Overflow Vulnerability Source: XF Type: UNKNOWN freebsd-negative-system-call-bo(9903) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||