Vulnerability Name:

CVE-2002-2223 (CCN-9850)

Assigned:2002-08-12
Published:2002-08-12
Updated:2017-07-29
Summary:Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number of payloads, or (3) a long payload.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: FreeBSD Security Notice FreeBSD-SN-02:05
security issues in ports

Source: MITRE
Type: CNA
CVE-2002-2222

Source: MITRE
Type: CNA
CVE-2002-2223

Source: MITRE
Type: CNA
CVE-2002-2224

Source: MITRE
Type: CNA
CVE-2002-2225

Source: MITRE
Type: CNA
CVE-2003-1320

Source: CCN
Type: US-CERT VU#287771
Multiple vendors` Internet Key Exchange (IKE) implementations do not properly handle IKE response packets

Source: CERT-VN
Type: US Government Resource
VU#287771

Source: CCN
Type: NetScreen Web site
NetScreen | High performance firewall, VPN, and traffic shaping. ASIC-based internet security a

Source: MISC
Type: UNKNOWN
http://www.netscreen.com/support/alerts/9_6_02.htm

Source: CCN
Type: OpenBSD 3.1 errata
010: RELIABILITY FIX: July 5, 2002

Source: CCN
Type: OSVDB ID: 60123
SafeNet VPN Client IKE Response Packet Handling Remote Overflow

Source: CCN
Type: OSVDB ID: 60124
PGPFreeware IKE Response Packet Handling Remote Overflow

Source: CCN
Type: OSVDB ID: 60125
NetScreen-Remote IKE Response Packet Handling Remote Overflow

Source: CCN
Type: OSVDB ID: 60126
Multiple BSD isakmpd isakmpd/message.c Crafted IKE Payload Sequence Remote DoS

Source: CCN
Type: OSVDB ID: 60379
SonicWALL Firmware IKE Response Packet Handling Remote Overflow

Source: CCN
Type: BID-5449
PGPFreeware Malformed IKE Response Packet Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
5668

Source: CCN
Type: BID-5668
Netscreen-Remote VPN Client IKE Packet Excessive Payloads Vulnerability

Source: XF
Type: UNKNOWN
ike-response-bo(9850)

Source: XF
Type: UNKNOWN
ike-response-bo(9850)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:juniper:netscreen_remote_security_client:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:juniper:netscreen_remote_vpn_client:8.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:pgp:freeware:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:juniper:netscreen_remote_security_client:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:juniper:netscreen_remote_vpn_client:8.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:freebsd:ports_collection:*:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    juniper netscreen remote security client 8.0
    juniper netscreen remote vpn client 8.0
    pgp freeware 7.0.3
    juniper netscreen remote security client 8.0
    juniper netscreen remote vpn client 8.0
    freebsd ports collection *
    openbsd openbsd 3.1