Vulnerability CVE-2002-1914 - CERT Civis.Net

Vulnerability Name:

CVE-2002-1914 (CCN-9632)

Assigned:

2002-07-17

Published:

2002-07-17

Updated:

2008-09-05

Summary:

dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: BugTraq Mailing List, Wed Jul 17 2002 - 12:31:10 CDT
asciiSECURE advisory (2002-07-17/1)

Source: MITRE
Type: CNA
CVE-2002-1914

Source: BUGTRAQ
Type: UNKNOWN
20020717 asciiSECURE advisory (2002-07-17/1)

Source: CCN
Type: RHSA-2005-583
dump security update

Source: CCN
Type: SA21520
Avaya Products Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
21520

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-156.htm

Source: CCN
Type: ASA-2006-156
dump security update

Source: XF
Type: UNKNOWN
dump-flock-dumpdates-dos(9632)

Source: REDHAT
Type: UNKNOWN
RHSA-2005:583

Source: BID
Type: UNKNOWN
5264

Source: CCN
Type: BID-5264
Multiple Vendor Dump File Locking Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
dump-flock-dumpdates-dos(9632)

Vulnerable Configuration:

Configuration 1:

cpe:/a:dump:dump:0.4_b10:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b11:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b12:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b13:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b14:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b15:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b16:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b17:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b18:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b19:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b20:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b21:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b22:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b23:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b24:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b25:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b26:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b27:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b28:*:*:*:*:*:*:*

OR cpe:/a:dump:dump:0.4_b29:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*

OR cpe:/o:netbsd:netbsd:*:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

Denotes that component is vulnerable