Vulnerability CVE-2002-2338 - CERT Civis.Net

Vulnerability Name:

CVE-2002-2338 (CCN-9343)

Assigned:

2002-06-12

Published:

2002-06-12

Updated:

2008-09-05

Summary:

The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: BugTraq Mailing List, Wed Jun 12 2002 - 14:00:49 CDT
Another small DoS on Mozilla <= 1.0 through pop3

Source: CONFIRM
Type: UNKNOWN
http://bugzilla.mozilla.org/show_bug.cgi?id=144228

Source: MITRE
Type: CNA
CVE-2002-2338

Source: CONFIRM
Type: UNKNOWN
http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html

Source: BUGTRAQ
Type: UNKNOWN
20020612 Another small DoS on Mozilla <= 1.0 through pop3

Source: XF
Type: UNKNOWN
mozilla-netscape-pop3-dos(9343)

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:074

Source: CCN
Type: OSVDB ID: 60244
Netscape POP3 Client Malformed Message Newline Handling Remote DoS

Source: CCN
Type: OSVDB ID: 60245
Mozilla POP3 Client Malformed Message Newline Handling Remote DoS

Source: BUGTRAQ
Type: UNKNOWN
20020614 Another small DoS on Mozilla <= 1.0 through pop3

Source: BID
Type: Exploit, Patch
5002

Source: CCN
Type: BID-5002
Netscape / Mozilla Malformed Email POP3 Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
mozilla-netscape-pop3-dos(9343)

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.0:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.4:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.5:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.06:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.6:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.07:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.7:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.08:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.51:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.61:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.72:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.73:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.74:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.75:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.76:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.77:*:*:*:*:*:*:*

OR cpe:/a:netscape:navigator:6.0:*:*:*:*:*:*:*

OR cpe:/a:netscape:navigator:6.0:*:mac:*:*:*:*:*

OR cpe:/a:netscape:navigator:6.01:*:*:*:*:*:*:*

OR cpe:/a:netscape:navigator:6.1:*:*:*:*:*:*:*

OR cpe:/a:netscape:navigator:6.2:*:*:*:*:*:*:*

OR cpe:/a:netscape:navigator:6.2.1:*:*:*:*:*:*:*

OR cpe:/a:netscape:navigator:6.2.2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:netscape:communicator:4.5:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.51:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.6:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.61:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.06:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.7:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.76:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.77:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.07:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.08:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.4:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.72:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.73:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.74:*:*:*:*:*:*:*

OR cpe:/a:netscape:communicator:4.75:*:*:*:*:*:*:*

AND

cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*

Denotes that component is vulnerable