53 vulnerabilities by alcatel
VAR-200112-0223
Vulnerability from variot - Updated: 2024-07-23 20:28
Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. The San Diego Supercomputer Center (SDSC) has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line (ADSL) modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of the following impacts: unauthorized access, unauthorized monitoring, information leakage, denial of service, and permanent disability of affected devices. The SDSC has published additional information regarding these vulnerabilities at http://security.sdsc.edu/self-help/alcatel/. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Adsl Modem 1000 is prone to a remote security vulnerability. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account. Alcatel ADSL modems are vulnerable.
The vulnerability allows unauthenticated access to TFTP.
(Note: this description appears to merge text from several of the advisories listed under "sources"; the Lotus Domino and The Bat! sentences do not describe the Alcatel issue, and the NVD configuration for CVE-2001-1484 in this record lists only Alcatel products.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200112-0223",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "lotus",
"version": null
},
{
"model": "speed touch adsl modem",
"scope": "eq",
"trust": 1.6,
"vendor": "alcatel",
"version": "home"
},
{
"model": "adsl modem 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "alcatel",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rit",
"version": null
},
{
"model": "adsl modem 1000",
"scope": null,
"trust": 0.6,
"vendor": "alcatel",
"version": null
},
{
"model": "speed touch adsl modem home",
"scope": null,
"trust": 0.3,
"vendor": "alcatel",
"version": null
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.101"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.51"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.49"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.48"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.47"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.46"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.45"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.44"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.43"
},
{
"model": "research labs the bat! f",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.42"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.42"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.41"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.39"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.36"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.35"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.34"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.33"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.32"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.31"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.22"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.21"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.19"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.18"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.17"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.15"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.14"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.5"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.1"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.043"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.041"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.039"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.036"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.035"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.032"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.031"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.029"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.028"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.015"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.011"
},
{
"model": "research labs the bat!",
"scope": "ne",
"trust": 0.3,
"vendor": "rit",
"version": "1.52"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#211736"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "BID",
"id": "89747"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alcatel:speed_touch_adsl_modem:home:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:alcatel:adsl_modem_1000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "89747"
}
],
"trust": 0.3
},
"cve": "CVE-2001-1484",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4288",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-1484",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#211736",
"trust": 0.8,
"value": "27.56"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#676552",
"trust": 0.8,
"value": "10.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#601312",
"trust": 0.8,
"value": "9.98"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#555464",
"trust": 0.8,
"value": "4.25"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#310816",
"trust": 0.8,
"value": "1.62"
},
{
"author": "CNNVD",
"id": "CNNVD-200112-195",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-4288",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#211736"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "VULHUB",
"id": "VHN-4288"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. The San Diego Supercomputer Center (SDSC) has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line (ADSL) modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of the following impacts: unauthorized access, unauthorized monitoring, information leakage, denial of service, and permanent disability of affected devices. The SDSC has published additional information regarding these vulnerabilities at http://security.sdsc.edu/self-help/alcatel/. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Adsl Modem 1000 is prone to a remote security vulnerability. \"The Bat!\" is an MUA for Windows by Rit Research Labs. \n\"The Bat!\" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause \"The Bat!\" to incorrectly interpret the message\u0027s structure. This can lead \"The Bat!\" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. \nAs a result, the user will remain unable to receive new email messages from the affected POP3 account. Alcatel ADSL modems are vulnerable. The vulnerability allows unauthenticated access to TFTP",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1484"
},
{
"db": "CERT/CC",
"id": "VU#211736"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "BID",
"id": "89747"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "VULHUB",
"id": "VHN-4288"
}
],
"trust": 5.13
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#211736",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2001-1484",
"trust": 2.0
},
{
"db": "BID",
"id": "2636",
"trust": 1.1
},
{
"db": "XF",
"id": "6336",
"trust": 0.9
},
{
"db": "BID",
"id": "2571",
"trust": 0.8
},
{
"db": "XF",
"id": "6349",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#676552",
"trust": 0.8
},
{
"db": "XF",
"id": "6347",
"trust": 0.8
},
{
"db": "BID",
"id": "2565",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#601312",
"trust": 0.8
},
{
"db": "BID",
"id": "2599",
"trust": 0.8
},
{
"db": "XF",
"id": "6350",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#555464",
"trust": 0.8
},
{
"db": "XF",
"id": "6423",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#310816",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200112-195",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "CA-2001-08",
"trust": 0.6
},
{
"db": "BID",
"id": "89747",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-4288",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#211736"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "VULHUB",
"id": "VHN-4288"
},
{
"db": "BID",
"id": "89747"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"id": "VAR-200112-0223",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4288"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:28:55.223000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/advisories/3208"
},
{
"trust": 2.0,
"url": "http://www.cert.org/advisories/ca-2001-08.html"
},
{
"trust": 2.0,
"url": "http://www.kb.cert.org/vuls/id/211736"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6336"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/6336"
},
{
"trust": 0.8,
"url": "http://security.sdsc.edu/self-help/alcatel/"
},
{
"trust": 0.8,
"url": "http://www.alcatel.com/consumer/dsl/security.htm"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2571"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/6349.php"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2565"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/6347.php"
},
{
"trust": 0.8,
"url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2599"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/6350.php"
},
{
"trust": 0.8,
"url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2636"
},
{
"trust": 0.8,
"url": "http://www.ritlabs.com/the_bat/index.html"
},
{
"trust": 0.8,
"url": "http://www.security.nnov.ru/search/news.asp?binid=1136"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/6423.php"
},
{
"trust": 0.3,
"url": "http://www.thebat.net"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#211736"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "VULHUB",
"id": "VHN-4288"
},
{
"db": "BID",
"id": "89747"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#211736"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "VULHUB",
"id": "VHN-4288"
},
{
"db": "BID",
"id": "89747"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-04-10T00:00:00",
"db": "CERT/CC",
"id": "VU#211736"
},
{
"date": "2001-07-23T00:00:00",
"db": "CERT/CC",
"id": "VU#676552"
},
{
"date": "2001-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#601312"
},
{
"date": "2001-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#555464"
},
{
"date": "2001-06-01T00:00:00",
"db": "CERT/CC",
"id": "VU#310816"
},
{
"date": "2001-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-4288"
},
{
"date": "2001-12-31T00:00:00",
"db": "BID",
"id": "89747"
},
{
"date": "2001-04-18T00:00:00",
"db": "BID",
"id": "2636"
},
{
"date": "2001-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"date": "2001-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#211736"
},
{
"date": "2001-07-26T00:00:00",
"db": "CERT/CC",
"id": "VU#676552"
},
{
"date": "2001-07-17T00:00:00",
"db": "CERT/CC",
"id": "VU#601312"
},
{
"date": "2001-07-17T00:00:00",
"db": "CERT/CC",
"id": "VU#555464"
},
{
"date": "2001-08-30T00:00:00",
"db": "CERT/CC",
"id": "VU#310816"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-4288"
},
{
"date": "2001-12-31T00:00:00",
"db": "BID",
"id": "89747"
},
{
"date": "2001-04-18T00:00:00",
"db": "BID",
"id": "2636"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"date": "2017-07-11T01:29:09.680000",
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "89747"
},
{
"db": "BID",
"id": "2636"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel ADSL modems grant unauthenticated TFTP access via Bounce Attacks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#211736"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "89747"
},
{
"db": "BID",
"id": "2636"
}
],
"trust": 0.6
}
}
VAR-201506-0116
Vulnerability from variot - Updated: 2023-12-18 13:57
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request. Alcatel OmniSwitch is an enterprise-class switch. Multiple Alcatel-Lucent OmniSwitch products are prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks. Alcatel-Lucent OmniSwitch 6450, etc. are switch products of Alcatel-Lucent in France. The following products and versions are affected: Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware versions 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0116",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "6.4.5.r02"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "6.4.6.r01"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "6.6.4.r01"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "6.6.5.r02"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "7.3.2.r01"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "7.3.3.r01"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "7.3.4.r01"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "8.1.1.r01"
},
{
"model": "omniswitch",
"scope": "lte",
"trust": 1.0,
"vendor": "alcatel lucent",
"version": "6.6.4.r01"
},
{
"model": "omniswitch",
"scope": "lte",
"trust": 1.0,
"vendor": "alcatel lucent",
"version": "8.1.1.r01"
},
{
"model": "omniswitch",
"scope": "lte",
"trust": 1.0,
"vendor": "alcatel lucent",
"version": "7.3.2.r01"
},
{
"model": "omniswitch",
"scope": "lte",
"trust": 1.0,
"vendor": "alcatel lucent",
"version": "6.6.5.r02"
},
{
"model": "omniswitch",
"scope": "lte",
"trust": 1.0,
"vendor": "alcatel lucent",
"version": "7.3.4.r01"
},
{
"model": "omniswitch",
"scope": "lte",
"trust": 1.0,
"vendor": "alcatel lucent",
"version": "6.4.5.r02"
},
{
"model": "omniswitch",
"scope": "lte",
"trust": 1.0,
"vendor": "alcatel lucent",
"version": "6.4.6.r01"
},
{
"model": "omniswitch",
"scope": "lte",
"trust": 1.0,
"vendor": "alcatel lucent",
"version": "7.3.3.r01"
},
{
"model": "omniswitch 10k",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6250",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6400",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6450",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6850e",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6855",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6860",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6900",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 9000e",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6860"
},
{
"model": "omniswitch 10k",
"scope": null,
"trust": 0.6,
"vendor": "alcatel",
"version": null
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6900"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6855"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6400"
},
{
"model": "omniswitch 9000e",
"scope": null,
"trust": 0.6,
"vendor": "alcatel",
"version": null
},
{
"model": "omniswitch 6850e",
"scope": null,
"trust": 0.6,
"vendor": "alcatel",
"version": null
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6250"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6450"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "7700"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "7800"
},
{
"model": "omniswitch 9000e 8.1.1.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 9000e 7.3.4.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 9000e 7.3.3.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 9000e 7.3.2.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 9000e 6.6.5.r02",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 9000e 6.6.4.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 9000e 6.4.6.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 9000e 6.4.5.r02",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 8.1.1.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6900"
},
{
"model": "omniswitch 7.3.4.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6900"
},
{
"model": "omniswitch 7.3.3.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6900"
},
{
"model": "omniswitch 7.3.2.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6900"
},
{
"model": "omniswitch 6.6.5.r02",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6900"
},
{
"model": "omniswitch 6.6.4.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6900"
},
{
"model": "omniswitch 6.4.6.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6900"
},
{
"model": "omniswitch 6.4.5.r02",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6900"
},
{
"model": "omniswitch 8.1.1.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6860"
},
{
"model": "omniswitch 7.3.4.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6860"
},
{
"model": "omniswitch 7.3.3.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6860"
},
{
"model": "omniswitch 7.3.2.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6860"
},
{
"model": "omniswitch 6.6.5.r02",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6860"
},
{
"model": "omniswitch 6.6.4.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6860"
},
{
"model": "omniswitch 6.4.6.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6860"
},
{
"model": "omniswitch 6.4.5.r02",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6860"
},
{
"model": "omniswitch 8.1.1.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6855"
},
{
"model": "omniswitch 7.3.4.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6855"
},
{
"model": "omniswitch 7.3.3.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6855"
},
{
"model": "omniswitch 7.3.2.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6855"
},
{
"model": "omniswitch 6.6.5.r02",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6855"
},
{
"model": "omniswitch 6.6.4.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6855"
},
{
"model": "omniswitch 6.4.6.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6855"
},
{
"model": "omniswitch 6.4.5.r02",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6855"
},
{
"model": "omniswitch 6850e 8.1.1.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6850e 7.3.4.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6850e 7.3.3.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6850e 7.3.2.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6850e 6.6.5.r02",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6850e 6.6.4.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6850e 6.4.6.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 6850e 6.4.5.r02",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 8.1.1.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6450"
},
{
"model": "omniswitch 7.3.4.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6450"
},
{
"model": "omniswitch 7.3.3.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6450"
},
{
"model": "omniswitch 7.3.2.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6450"
},
{
"model": "omniswitch 6.6.5.r02",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6450"
},
{
"model": "omniswitch 6.6.4.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6450"
},
{
"model": "omniswitch 6.4.6.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6450"
},
{
"model": "omniswitch 6.4.5.r02",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6450"
},
{
"model": "omniswitch 8.1.1.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6400"
},
{
"model": "omniswitch 7.3.4.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6400"
},
{
"model": "omniswitch 7.3.3.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6400"
},
{
"model": "omniswitch 7.3.2.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6400"
},
{
"model": "omniswitch 6.6.5.r02",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6400"
},
{
"model": "omniswitch 6.6.4.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6400"
},
{
"model": "omniswitch 6.4.6.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6400"
},
{
"model": "omniswitch 6.4.5.r02",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6400"
},
{
"model": "omniswitch 8.1.1.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6250"
},
{
"model": "omniswitch 7.3.4.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6250"
},
{
"model": "omniswitch 7.3.3.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6250"
},
{
"model": "omniswitch 7.3.2.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6250"
},
{
"model": "omniswitch 6.6.5.r02",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6250"
},
{
"model": "omniswitch 6.6.4.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6250"
},
{
"model": "omniswitch 6.4.6.r01",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6250"
},
{
"model": "omniswitch 6.4.5.r02",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "6250"
},
{
"model": "omniswitch 10k 8.1.1.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 10k 7.3.4.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 10k 7.3.3.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 10k 7.3.2.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 10k 6.6.5.r02",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 10k 6.6.4.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 10k 6.4.6.r01",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch 10k 6.4.5.r02",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03785"
},
{
"db": "BID",
"id": "75121"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003165"
},
{
"db": "NVD",
"id": "CVE-2015-2805"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-297"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.5.r02",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.1.r01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.6.5.r02",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.2.r01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.6.r01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.6.4.r01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.3.r01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.4.r01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6450:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_10k:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6860:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_9000e:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6900:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6855:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6400:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6850e:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6250:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2805"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RedTeam Pentesting GmbH",
"sources": [
{
"db": "BID",
"id": "75121"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-2805",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2015-03785",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-80766",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2805",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-03785",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-297",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80766",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03785"
},
{
"db": "VULHUB",
"id": "VHN-80766"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003165"
},
{
"db": "NVD",
"id": "CVE-2015-2805"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-297"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request. Alcatel OmniSwitch is an enterprise-class switch. Multiple Alcatel-Lucent OmniSwitch products are prone to a cross-site request-forgery vulnerability. \nAn attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks. Alcatel-Lucent OmniSwitch 6450 and the other listed models are switch products of Alcatel-Lucent, a company based in France. The following products and versions are affected: Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware versions 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01.",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2805"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003165"
},
{
"db": "CNVD",
"id": "CNVD-2015-03785"
},
{
"db": "BID",
"id": "75121"
},
{
"db": "VULHUB",
"id": "VHN-80766"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-80766",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80766"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2805",
"trust": 3.4
},
{
"db": "BID",
"id": "75121",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "132236",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "37261",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1032544",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003165",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-297",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-03785",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-80766",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03785"
},
{
"db": "VULHUB",
"id": "VHN-80766"
},
{
"db": "BID",
"id": "75121"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003165"
},
{
"db": "NVD",
"id": "CVE-2015-2805"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-297"
}
]
},
"id": "VAR-201506-0116",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03785"
},
{
"db": "VULHUB",
"id": "VHN-80766"
}
],
"trust": 1.322222233333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03785"
}
]
},
"last_update_date": "2023-12-18T13:57:36.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.alcatel-lucent.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003165"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80766"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003165"
},
{
"db": "NVD",
"id": "CVE-2015-2805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/37261/"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/jun/23"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/132236/alcatel-lucent-omniswitch-web-interface-cross-site-request-forgery.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1032544"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/75121"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-004/-alcatel-lucent-omniswitch-web-interface-cross-site-request-forgery"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2805"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2805"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/535732/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://enterprise.alcatel-lucent.com/?product=omniswitch6450\u0026page=overview"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03785"
},
{
"db": "VULHUB",
"id": "VHN-80766"
},
{
"db": "BID",
"id": "75121"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003165"
},
{
"db": "NVD",
"id": "CVE-2015-2805"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-297"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-03785"
},
{
"db": "VULHUB",
"id": "VHN-80766"
},
{
"db": "BID",
"id": "75121"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003165"
},
{
"db": "NVD",
"id": "CVE-2015-2805"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-297"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03785"
},
{
"date": "2015-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-80766"
},
{
"date": "2015-06-10T00:00:00",
"db": "BID",
"id": "75121"
},
{
"date": "2015-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003165"
},
{
"date": "2015-06-16T16:59:01.113000",
"db": "NVD",
"id": "CVE-2015-2805"
},
{
"date": "2015-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-297"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03785"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-80766"
},
{
"date": "2015-06-10T00:00:00",
"db": "BID",
"id": "75121"
},
{
"date": "2015-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003165"
},
{
"date": "2018-10-09T19:56:24.607000",
"db": "NVD",
"id": "CVE-2015-2805"
},
{
"date": "2015-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-297"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-297"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery vulnerability in the management web interface of the firmware of multiple Alcatel-Lucent OmniSwitch products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003165"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-297"
}
],
"trust": 0.6
}
}
VAR-200810-0216
Vulnerability from variot - Updated: 2023-12-18 13:44
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. Alcatel-Lucent OmniSwitch products are prone to a remote buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the affected software. Failed exploit attempts will result in a denial-of-service condition. Alcatel-Lucent OmniSwitch is a network switch product of the French company Alcatel-Lucent. If the user sends 2392 bytes of data in the Cookie: Session= header, this overflow can be triggered, resulting in the execution of arbitrary instructions. The number of bytes required to trigger this overflow varies with the AOS version.
----------------------------------------------------------------------
TITLE: Alcatel-Lucent OmniSwitch Series Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA31435
VERIFY ADVISORY: http://secunia.com/advisories/31435/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE: From local network
OPERATING SYSTEM: Alcatel-Lucent OmniSwitch 7000 Series http://secunia.com/product/789/ Alcatel-Lucent OmniSwitch 6600 Series http://secunia.com/product/19553/ Alcatel-Lucent OmniSwitch 6800 Series http://secunia.com/product/19554/ Alcatel-Lucent OmniSwitch 6850 Series http://secunia.com/product/19555/ Alcatel-Lucent OmniSwitch 9000 Series http://secunia.com/product/19556/
DESCRIPTION: Deral Heiland has reported a vulnerability in various OmniSwitch products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in the following Alcatel OmniSwitch products: * OS7000 Series * OS6600 Series * OS6800 Series * OS6850 Series * OS9000 Series
SOLUTION: Update to the following versions: * 5.4.1.429.R01 or higher * 5.1.6.463.R02 or higher * 6.1.3.965.R01 or higher * 6.1.5.595.R01 or higher * 6.3.1.966.R01 or higher
Contact the Alcatel-Lucent Technical Support for availability of other releases.
PROVIDED AND/OR DISCOVERED BY: Deral Heiland, Layered Defense Research
ORIGINAL ADVISORY: Alcatel-Lucent: http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm
Layered Defense Research: http://www.layereddefense.com/alcatel12aug.html
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200810-0216",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os6850"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os9000"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os7000"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os6600"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os6800"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.1.5"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "5.1.6.463.r02"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "5.1"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.1.3.965.r01"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.3.1.966.r01"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.1.5.595.r01"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.3"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "5.4.1.429.r01"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.1.3"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "5.4"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.1.3"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.1.5.595.r01"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.1.3.965.r01"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.4"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.3.1.966.r01"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.4.1.429.r01"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.3"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.1.5"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.1.6.463.r02"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.1"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "5.1.6.463"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6.1.3.965"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "5.4.1.429"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6.3.1.966"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "5.1.1"
},
{
"model": "omniswitch os9000 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch os7000 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch os6850 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch os6800 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch os6600 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "30652"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.3.965.r01",
"versionStartIncluding": "6.1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.5.595.r01",
"versionStartIncluding": "6.1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.3.1.966.r01",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.1.429.r01",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.6.463.r02",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os9000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os6600:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os6850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os6800:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os7000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-4383"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Deral Heiland\u203bhttp://www.layereddefense.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
],
"trust": 0.6
},
"cve": "CVE-2008-4383",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2008-4383",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-34508",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-4383",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200810-030",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-34508",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. Alcatel-Lucent OmniSwitch products are prone to a remote buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied data. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected software. Failed exploit attempts will result in a denial-of-service condition. Alcatel-Lucent OmniSwitch is a network switch product of French Alcatel-Lucent (Alcatel-Lucent). If the user sends 2392 bytes of data in the Cookie: Session= header, this overflow can be triggered, resulting in the execution of arbitrary instructions. The number of bytes required to trigger this overflow varies with the AOS version. 
----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nAlcatel-Lucent OmniSwitch Series Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA31435\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31435/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nAlcatel-Lucent OmniSwitch 7000 Series\nhttp://secunia.com/product/789/\nAlcatel-Lucent OmniSwitch 6600 Series\nhttp://secunia.com/product/19553/\nAlcatel-Lucent OmniSwitch 6800 Series\nhttp://secunia.com/product/19554/\nAlcatel-Lucent OmniSwitch 6850 Series\nhttp://secunia.com/product/19555/\nAlcatel-Lucent OmniSwitch 9000 Series\nhttp://secunia.com/product/19556/\n\nDESCRIPTION:\nDeral Heiland has reported a vulnerability in various OmniSwitch\nproducts, which can be exploited by malicious people to cause a DoS\n(Denial of Service) or to compromise a vulnerable system. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nThe vulnerability is reported in the following Alcatel OmniSwitch\nproducts:\n* OS7000 Series\n* OS6600 Series\n* OS6800 Series\n* OS6850 Series\n* OS9000 Series\n\nSOLUTION:\nUpdate to the following versions:\n* 5.4.1.429.R01 or higher\n* 5.1.6.463.R02 or higher\n* 6.1.3.965.R01 or higher\n* 6.1.5.595.R01 or higher\n* 6.3.1.966.R01 or higher\n\nContact the Alcatel-Lucent Technical Support for availability of\nother releases. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nDeral Heiland, Layered Defense Research\n\nORIGINAL ADVISORY:\nAlcatel-Lucent:\nhttp://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm\n\nLayered Defense Research:\nhttp://www.layereddefense.com/alcatel12aug.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "BID",
"id": "30652"
},
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "PACKETSTORM",
"id": "68969"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-4383",
"trust": 2.8
},
{
"db": "BID",
"id": "30652",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "31435",
"trust": 1.8
},
{
"db": "SREASON",
"id": "4347",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1020657",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2346",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493",
"trust": 0.8
},
{
"db": "XF",
"id": "44400",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080812 LAYERED DEFENSE RESEARCH ADVISORY: ALCATEL-LUCENT OMNISWITCH PRODUCTS, STACK BUFFER OVERFLOW",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-34508",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68969",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "BID",
"id": "30652"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "PACKETSTORM",
"id": "68969"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"id": "VAR-200810-0216",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:44:58.237000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.alcatel-lucent.com"
},
{
"title": "PR 122812",
"trust": 0.8,
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/omniswitch.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/omniswitch.htm"
},
{
"trust": 1.8,
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/30652"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020657"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31435"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/4347"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2346"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4383"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4383"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44400"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/495343/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.alcatel-lucent.com/"
},
{
"trust": 0.3,
"url": "http://www1.alcatel-lucent.com/products/keywordresults.jsp?_requestid=28458"
},
{
"trust": 0.3,
"url": "/archive/1/495343"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31435/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19554/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19553/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19555/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/789/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19556/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "BID",
"id": "30652"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "PACKETSTORM",
"id": "68969"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "BID",
"id": "30652"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "PACKETSTORM",
"id": "68969"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-34508"
},
{
"date": "2008-08-06T00:00:00",
"db": "BID",
"id": "30652"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"date": "2008-08-13T01:46:19",
"db": "PACKETSTORM",
"id": "68969"
},
{
"date": "2008-10-03T22:22:41.057000",
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"date": "2008-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-34508"
},
{
"date": "2015-05-07T17:25:00",
"db": "BID",
"id": "30652"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"date": "2018-11-02T13:07:01.850000",
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"date": "2009-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel OmniSwitch Device stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
],
"trust": 0.6
}
}
VAR-200212-0002
Vulnerability from variot - Updated: 2023-12-18 13:41
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contain a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges. This gives anyone access to the OmniSwitch's Vx-Works operating system without requiring a password. On Alcatel OmniSwitch 7700/7800 switches running Alcatel Operating System (AOS) version 5.1.1, the port of the telnet server that was used during development (6778/TCP) is left available at all times. By using this telnet service, the OmniSwitch's Vx-Works operating system can be accessed without a password. A third party could remotely gain control of the vulnerable device. As a result, the device may be exposed to risks such as unauthorized access, unauthorized monitoring, information leakage, and denial-of-service (DoS) attacks. The OmniSwitch 7700/7800 LAN switch runs the Alcatel Operating System (AOS). This service was used to access the Wind River Vx-Works operating system during the development phase, but it was not removed before the product was released. Attackers can use this service to control the entire system. It is distributed and maintained by Alcatel. It has been discovered that an unintended back door is built into some releases of AOS.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aos",
"scope": "eq",
"trust": 1.6,
"vendor": "alcatel",
"version": "5.1.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.1.1"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "aos",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "5.1.1"
},
{
"model": "aos .r03",
"scope": "ne",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "5.1.1"
},
{
"model": "aos .r02",
"scope": "ne",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "5.1.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1272"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Mirza Ahmad\u203b da@securityfocus.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2002-1272",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1272",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#181721",
"trust": 0.8,
"value": "49.50"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-022",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2002-1272",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges. This gives anyone access to the OmniSwitch\u0027s Vx-Works operating system without requiring a password. Alcatel Operating System (AOS) version 5.1.1 Works Alcatel OmniSwitch 7700/7800 The switch was used during development telnet Port for server (6778/TCP) Is ready for continuous use. this telnet By using the service, you do not need a password, OmniSwitch of Vx-Works operating system Can be accessed.A third party could remotely gain control of the vulnerable device. As a result, unauthorized access, unauthorized monitoring, information leakage, denial of service (denial-of-service, DoS) It may be accompanied by dangers such as attacks. OmniSwitch 7700/7800 LAN switch runs Alcatel Operating System (AOS) operating system. This service is used to access the Wind River Vx-Works operating system during the development phase, but before the product is released No removal. Attackers can use this service to control the entire system. It is distributed and maintained by Alcatel. \nIt has been discovered that an unintended back door is built into some releases of AOS",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-1272",
"trust": 3.4
},
{
"db": "CERT/CC",
"id": "VU#181721",
"trust": 3.3
},
{
"db": "BID",
"id": "6220",
"trust": 2.0
},
{
"db": "XF",
"id": "10664",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2002-4084",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2002-32",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2002-1272",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"id": "VAR-200212-0002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-4084"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-4084"
}
]
},
"last_update_date": "2023-12-18T13:41:03.679000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.kb.cert.org/vuls/id/181721"
},
{
"trust": 2.0,
"url": "http://www.cert.org/advisories/ca-2002-32.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/6220"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/10664"
},
{
"trust": 1.1,
"url": "http://www.alcatel.com/support"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
},
{
"trust": 0.8,
"url": "http://www.ind.alcatel.com/nextgen/omniswitch_7000_brief.pdf"
},
{
"trust": 0.8,
"url": "http://www.ind.alcatel.com/specs/index.cfm?cnt=7000"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1272"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vn/jvnca-2002-32/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2002-1272"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-11-20T00:00:00",
"db": "CERT/CC",
"id": "VU#181721"
},
{
"date": "2002-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"date": "2002-12-11T00:00:00",
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"date": "2002-11-21T00:00:00",
"db": "BID",
"id": "6220"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"date": "2002-12-11T05:00:00",
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"date": "2002-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-11-21T00:00:00",
"db": "CERT/CC",
"id": "VU#181721"
},
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"date": "2017-10-10T00:00:00",
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"date": "2009-07-11T19:16:00",
"db": "BID",
"id": "6220"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"date": "2017-10-10T01:30:10.453000",
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel Operating System (AOS) does not require a password for accessing the telnet server",
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "6220"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
],
"trust": 0.9
}
}
VAR-201808-1005
Vulnerability from variot - Updated: 2023-12-18 13:23
The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB. Modifying the read-only properties by an app as the system user creates a UNIX domain socket named factory_test that will execute commands as the root user by processes that have privilege to access it (as per the SELinux rules that the vendor controls). Alcatel A30 devices have vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Alcatel A30 is a smartphone product. A security vulnerability exists in Alcatel A30 (with TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys). An attacker can exploit this vulnerability to execute commands as the root user.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-1005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a30",
"scope": "eq",
"trust": 1.6,
"vendor": "alcatel",
"version": "7.0"
},
{
"model": "alcatel a30",
"scope": null,
"trust": 0.8,
"vendor": "tcl communication holdings tcl communication",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010074"
},
{
"db": "NVD",
"id": "CVE-2018-6597"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-917"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:alcatel:a30_firmware:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alcatel:a30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6597"
}
]
},
"cve": "CVE-2018-6597",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-6597",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-136629",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6597",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6597",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-917",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-136629",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010074"
},
{
"db": "NVD",
"id": "CVE-2018-6597"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-917"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB. Modifying the read-only properties by an app as the system user creates a UNIX domain socket named factory_test that will execute commands as the root user by processes that have privilege to access it (as per the SELinux rules that the vendor controls). Alcatel A30 Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Alcatel A30 is a smartphone product. A security vulnerability exists in Alcatel A30 (with TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys). An attacker can exploit this vulnerability to execute commands as the root user",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6597"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010074"
},
{
"db": "VULHUB",
"id": "VHN-136629"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6597",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010074",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-917",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-136629",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010074"
},
{
"db": "NVD",
"id": "CVE-2018-6597"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-917"
}
]
},
"id": "VAR-201808-1005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-136629"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:23:58.344000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://us.alcatelmobile.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010074"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010074"
},
{
"db": "NVD",
"id": "CVE-2018-6597"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6597"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6597"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010074"
},
{
"db": "NVD",
"id": "CVE-2018-6597"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-917"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-136629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010074"
},
{
"db": "NVD",
"id": "CVE-2018-6597"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-917"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-136629"
},
{
"date": "2018-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010074"
},
{
"date": "2018-08-29T19:29:01.047000",
"db": "NVD",
"id": "CVE-2018-6597"
},
{
"date": "2018-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-917"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136629"
},
{
"date": "2018-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010074"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6597"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-917"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-917"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel A30 Vulnerabilities related to authorization, authority, and access control in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010074"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-917"
}
],
"trust": 0.6
}
}
VAR-199903-0049
Vulnerability from variot - Updated: 2023-12-18 13:21
Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time. OmniSwitch is prone to a security bypass vulnerability. Xylan OmniSwitch prior to 3.2.6 is vulnerable.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199903-0049",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "omniswitch",
"scope": "lte",
"trust": 1.0,
"vendor": "alcatel",
"version": "3.2.4"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.9,
"vendor": "alcatel",
"version": "3.2.4"
}
],
"sources": [
{
"db": "BID",
"id": "87962"
},
{
"db": "NVD",
"id": "CVE-1999-1559"
},
{
"db": "CNNVD",
"id": "CNNVD-199903-052"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alcatel:omniswitch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1559"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "87962"
}
],
"trust": 0.3
},
"cve": "CVE-1999-1559",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-1540",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-1999-1559",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-199903-052",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-1540",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1540"
},
{
"db": "NVD",
"id": "CVE-1999-1559"
},
{
"db": "CNNVD",
"id": "CNNVD-199903-052"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time. Omniswitch is prone to a security bypass vulnerability. Xylan OmniSwitch prior to 3.2.6 is vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1559"
},
{
"db": "BID",
"id": "87962"
},
{
"db": "VULHUB",
"id": "VHN-1540"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-1999-1559",
"trust": 2.0
},
{
"db": "XF",
"id": "2064",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-199903-052",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "19990331 XYLAN OMNISWITCH \"FEATURES\"",
"trust": 0.6
},
{
"db": "BID",
"id": "87962",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-1540",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1540"
},
{
"db": "BID",
"id": "87962"
},
{
"db": "NVD",
"id": "CVE-1999-1559"
},
{
"db": "CNNVD",
"id": "CNNVD-199903-052"
}
]
},
"id": "VAR-199903-0049",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-1540"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:21:28.849000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1559"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2064"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=92299263017061\u0026w=2"
},
{
"trust": 0.9,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=92299263017061\u0026w=2"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/2064.php"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=92299263017061\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1540"
},
{
"db": "BID",
"id": "87962"
},
{
"db": "NVD",
"id": "CVE-1999-1559"
},
{
"db": "CNNVD",
"id": "CNNVD-199903-052"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-1540"
},
{
"db": "BID",
"id": "87962"
},
{
"db": "NVD",
"id": "CVE-1999-1559"
},
{
"db": "CNNVD",
"id": "CNNVD-199903-052"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1999-03-31T00:00:00",
"db": "VULHUB",
"id": "VHN-1540"
},
{
"date": "1999-03-31T00:00:00",
"db": "BID",
"id": "87962"
},
{
"date": "1999-03-31T05:00:00",
"db": "NVD",
"id": "CVE-1999-1559"
},
{
"date": "1999-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199903-052"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-1540"
},
{
"date": "1999-03-31T00:00:00",
"db": "BID",
"id": "87962"
},
{
"date": "2017-12-19T02:29:10.580000",
"db": "NVD",
"id": "CVE-1999-1559"
},
{
"date": "2006-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199903-052"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199903-052"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xylan OmniSwitch Input validation vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199903-052"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199903-052"
}
],
"trust": 0.6
}
}
VAR-200412-0377
Vulnerability from variot - Updated: 2023-12-18 12:59
Alcatel OmniSwitch 7000 and 7800 allow remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled. Alcatel OmniSwitch is a high-performance switch.
The OmniSwitch 7000 series switch system has problems processing some types of network communications. Remote attackers can use this vulnerability to conduct denial of service attacks on the switch.
When Nessus was used for security scanning, the OmniSwitch 7000 series switches were found to restart, causing a denial of service. The problem is in the handling of scans by third-party security software. It has been reported that, as a result of such scans, the switch reboots, impacting performance.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0377",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.6,
"vendor": "alcatel",
"version": "7000"
},
{
"model": "omniswitch 7800",
"scope": "eq",
"trust": 1.0,
"vendor": "alcatel",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "omniswitch 7800",
"scope": null,
"trust": 0.6,
"vendor": "alcatel",
"version": null
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "78000"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "77000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-0571"
},
{
"db": "BID",
"id": "9745"
},
{
"db": "NVD",
"id": "CVE-2004-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-127"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alcatel:omniswitch_7800:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:alcatel:omniswitch:7000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2377"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Shekman\u203b michaels80@ci.manchester.ct.us",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-127"
}
],
"trust": 0.6
},
"cve": "CVE-2004-2377",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-10805",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-2377",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-127",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-10805",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10805"
},
{
"db": "NVD",
"id": "CVE-2004-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-127"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled. Alcatel Omniswitch is a high-performance switch. \n\n\u00a0The OmniSwitch 7000 series switch system has problems processing some types of network communications. Remote attackers can use this vulnerability to conduct denial of service attacks on the switch. \n\n\u00a0When using Nessus for security scanning, it was found that the OmniSwitch 7000 series switches would be restarted, causing a denial of service. \nThe problem is in the handling of scans by third-party security software. It has been reported that as a result of such scans, the switch reportedly reboots, impacting performance",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2377"
},
{
"db": "CNVD",
"id": "CNVD-2004-0571"
},
{
"db": "BID",
"id": "9745"
},
{
"db": "VULHUB",
"id": "VHN-10805"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-2377",
"trust": 2.3
},
{
"db": "BID",
"id": "9745",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "10981",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1009211",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "4064",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-127",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2004-0571",
"trust": 0.6
},
{
"db": "XF",
"id": "15318",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6098",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040219 ALCATEL OMNISWITCH 7000 SERIES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-10805",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-0571"
},
{
"db": "VULHUB",
"id": "VHN-10805"
},
{
"db": "BID",
"id": "9745"
},
{
"db": "NVD",
"id": "CVE-2004-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-127"
}
]
},
"id": "VAR-200412-0377",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10805"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:59:36.234000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2377"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/9745"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/355134"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/4064"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1009211"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/10981"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15318"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/15318"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/6098"
},
{
"trust": 0.3,
"url": "http://www.ind.alcatel.com/products/index.cfm?cnt=omniswitch_7000"
},
{
"trust": 0.3,
"url": "/archive/1/355134"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10805"
},
{
"db": "BID",
"id": "9745"
},
{
"db": "NVD",
"id": "CVE-2004-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-127"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2004-0571"
},
{
"db": "VULHUB",
"id": "VHN-10805"
},
{
"db": "BID",
"id": "9745"
},
{
"db": "NVD",
"id": "CVE-2004-2377"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-127"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-0571"
},
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-10805"
},
{
"date": "2004-02-25T00:00:00",
"db": "BID",
"id": "9745"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-2377"
},
{
"date": "2004-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-127"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-0571"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10805"
},
{
"date": "2004-02-25T00:00:00",
"db": "BID",
"id": "9745"
},
{
"date": "2017-07-11T01:31:50.670000",
"db": "NVD",
"id": "CVE-2004-2377"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-127"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-127"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel OmniSwitch 7000 Series Security Scan Denial of Service Attack Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-0571"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-127"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-127"
}
],
"trust": 0.6
}
}
VAR-200212-0032
Vulnerability from variot - Updated: 2023-12-18 12:40
Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the firewall to refuse any new connections. There is a vulnerability in several state-based firewall products that allows arbitrary remote attackers to conduct denial of service attacks against vulnerable firewalls. By exploiting the way the state table is specified, sending a large number of packets to an affected firewall (products from multiple vendors) can cause it to stop accepting new sessions. The firewall may be left in a service disruption (DoS) state. It has been reported that many firewalls do not properly handle certain types of input. Firewall systems that maintain state could be attacked and forced into a situation where all service is denied. This condition would occur as a result of certain types of traffic floods. A comprehensive listing of affected products is not available at this time. A variety of firewall products use the state table to judge whether a received packet belongs to an existing session between two hosts. The firewall removes entries from the state table for different reasons, including session time-out expiration, detection of TCP FIN or TCP RST packets, and so on. If new state entries are added faster than the firewall can delete entries, a remote attacker can exploit this to fill up all state table buffers. Packets that would create new session state are then refused and new connections cannot be established, resulting in a denial of service. Attackers can use the following methods: TCP SYN flood: In order to establish a TCP connection, the client and server must participate in a three-way handshake. 
The client system sends a SYN message to the server, and the server responds to the client by sending a SYN-ACK message. The client finally completes the establishment of the connection by replying with an ACK message, and then performs data transmission. In a SYN flood attack, an attacker can send SYN packets with forged IP source addresses, making the communications appear to come from multiple clients. Because the client address is forged, the SYN-ACK message sent to the client will be discarded, and a large number of such communications can cause the firewall's state table to be filled with forged entries, resulting in a denial of service. UDP flood: In a UDP flood attack, the attacker can send a large number of small UDP packets with forged source IP addresses. However, since the UDP protocol is connectionless, there is no session state indication information (SYN, SYN-ACK, ACK, FIN, or RST) to help the firewall detect abnormal protocol states. As a result, state-based firewalls must rely on source and destination addresses to create state table entries and set session timeout values. Crikey CRC (C2) flood: The CRC check is calculated at each network layer and is used to determine whether data has been corrupted during transmission. A C2 flood consists of packets containing an invalid transport-layer (TCP, UDP) checksum. Because transport-layer checksums are not normally evaluated by the firewall itself, many implementations choose to optimize performance by ignoring these checksums, so if C2.. [description truncated in the source record]
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0032",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netscreen screenos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "3.0.1r1"
},
{
"model": "netscreen screenos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "2.7.1r2"
},
{
"model": "netscreen screenos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "2.7.1"
},
{
"model": "netscreen screenos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "2.7.1r1"
},
{
"model": "netscreen screenos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "3.0.1r2"
},
{
"model": "netscreen screenos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "3.0.3_r1.1"
},
{
"model": "netscreen screenos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "2.7.1r3"
},
{
"model": "netscreen screenos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "2.10_r3"
},
{
"model": "netscreen screenos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "2.10_r4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netscreen",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "vpn-1/firewall-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "4.1"
},
{
"model": "vpn-1/firewall-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ng"
},
{
"model": "screenos r1.1",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.0.3"
},
{
"model": "screenos r2",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.0.1"
},
{
"model": "screenos r1",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.0.1"
},
{
"model": "screenos r4",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "2.10"
},
{
"model": "screenos r3",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "2.10"
},
{
"model": "screenos r3",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "2.7.1"
},
{
"model": "screenos r2",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "2.7.1"
},
{
"model": "screenos r1",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "2.7.1"
},
{
"model": "screenos",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "2.7.1"
},
{
"model": "omniaccess",
"scope": "ne",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "2500"
},
{
"model": "omniaccess",
"scope": "ne",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "2100"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#539363"
},
{
"db": "BID",
"id": "6023"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000250"
},
{
"db": "NVD",
"id": "CVE-2002-2150"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-425"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:juniper:netscreen_screenos:2.10_r3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:netscreen_screenos:2.10_r4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:netscreen_screenos:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:netscreen_screenos:2.7.1r1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:netscreen_screenos:3.0.3_r1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:netscreen_screenos:2.7.1r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:netscreen_screenos:3.0.1r1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:netscreen_screenos:2.7.1r3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:netscreen_screenos:3.0.1r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2150"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stephen Gill",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-425"
}
],
"trust": 0.6
},
"cve": "CVE-2002-2150",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2002-2150",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-6533",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-2150",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#539363",
"trust": 0.8,
"value": "19.69"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-425",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-6533",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#539363"
},
{
"db": "VULHUB",
"id": "VHN-6533"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000250"
},
{
"db": "NVD",
"id": "CVE-2002-2150"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-425"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the firewall to refuse any new connections. There is a vulnerability in several state-based firewall products that allows arbitrary remote attackers to conduct denial of service attacks against vulnerable firewalls. There is a vulnerability that causes the firewall to not accept new sessions by sending a large number of packets to a multi-vendor firewall by exploiting the state table specification.Service disruption to firewall (DoS) It may be in a state. \nIt has been reported that many firewalls do not properly handle certain types of input. Firewall systems that maintain state could be attacked and forced into a situation where all service is denied. This condition would occur as a result of certain types of traffic floods. \nA comprehensive listing of affected products is not available at this time. A variety of firewall products use the state table to judge whether the obtained packet belongs to the existing session between two hosts. The firewall will remove relevant entries from the state table for different reasons, including session time-out expiration, detection of TCP FIN or TCP, RST packets, and so on. If new state entries are added faster than the firewall can delete entries, a remote attacker can exploit this to fill up all state table buffers, resulting in a denial of service attack. The packet of the session state is refused to accept, and the new connection will not be established, resulting in a denial of service attack. Attackers can use the following methods to attack: TCP SYN FLOOD In order to establish a TCP connection, the client and server must participate in a three-way handshake. 
The client system sends a SYN message to the server, and the server responds to the SYN message to the client by sending a SYN-ACK message. The client finally completes the establishment of the connection by replying to the ACK message, and then performs data transmission. In a SYN FLOOD attack, an attacker can send SYN packets with forged IP source addresses, making the communications appear to come from multiple clients. Because the client address is forged, the SYN-ACK message sent to the client will be discarded, and a large number of such communications can cause the firewall\u0027s entry table to be filled with forged entries, resulting in a denial of service attack. UDP Flood In a UDP FLOOD attack, the attacker can send a large number of small UDP packets with forged source IP addresses. However, since the UDP protocol is connectionless, there is no session state indication information (SYN, SYN-ACK, ACK, FIN, or RST) to help the firewall detect abnormal protocol states. As a result, state-based firewalls must rely on source and destination addresses to create state table entries and set session timeout values. The CRC check is calculated at each network layer and is used to determine whether data has been corrupted during transmission. C2 Flood is a packet containing an illegal checksum of the transport layer (TCP, UDP). Since the checksum of the transport layer does not go through the firewall operation, many implementations choose to optimize performance by ignoring these checksums, so if C2..",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2150"
},
{
"db": "CERT/CC",
"id": "VU#539363"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000250"
},
{
"db": "BID",
"id": "6023"
},
{
"db": "VULHUB",
"id": "VHN-6533"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#539363",
"trust": 3.6
},
{
"db": "BID",
"id": "6023",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2002-2150",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000250",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200212-425",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "3708",
"trust": 0.6
},
{
"db": "XF",
"id": "10449",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6533",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#539363"
},
{
"db": "VULHUB",
"id": "VHN-6533"
},
{
"db": "BID",
"id": "6023"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000250"
},
{
"db": "NVD",
"id": "CVE-2002-2150"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-425"
}
]
},
"id": "VAR-200212-0032",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6533"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:40:40.298000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cisco.com/jp/index.shtml"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.checkpoint.co.jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000250"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2150"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/539363"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/6023"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10449.php"
},
{
"trust": 0.8,
"url": "http://www.qorbit.net/documents/maximizing-firewall-availability.pdf"
},
{
"trust": 0.8,
"url": "http://www.uwsg.iu.edu/usail/network/nfs/network_layers.html"
},
{
"trust": 0.8,
"url": "http://cr.yp.to/syncookies.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-2150"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-2150"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3708"
},
{
"trust": 0.3,
"url": "http://www.alcatel.com/"
},
{
"trust": 0.3,
"url": "http://www.netscreen.com/index.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#539363"
},
{
"db": "VULHUB",
"id": "VHN-6533"
},
{
"db": "BID",
"id": "6023"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000250"
},
{
"db": "NVD",
"id": "CVE-2002-2150"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-425"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#539363"
},
{
"db": "VULHUB",
"id": "VHN-6533"
},
{
"db": "BID",
"id": "6023"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000250"
},
{
"db": "NVD",
"id": "CVE-2002-2150"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-425"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-15T00:00:00",
"db": "CERT/CC",
"id": "VU#539363"
},
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6533"
},
{
"date": "2002-10-21T00:00:00",
"db": "BID",
"id": "6023"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000250"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-2150"
},
{
"date": "2002-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-425"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-01-06T00:00:00",
"db": "CERT/CC",
"id": "VU#539363"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6533"
},
{
"date": "2002-10-21T00:00:00",
"db": "BID",
"id": "6023"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000250"
},
{
"date": "2008-09-05T20:32:27.760000",
"db": "NVD",
"id": "CVE-2002-2150"
},
{
"date": "2006-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-425"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-425"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "State-based firewalls fail to effectively manage session table resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#539363"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "6023"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-425"
}
],
"trust": 0.9
}
}
VAR-200212-0626
Vulnerability from variot - Updated: 2023-12-18 12:13
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it includes vulnerability information beyond what the title describes. ------------ The SSH transport layer protocol, which is used in the layer above TCP/IP, is the protocol that forms the basis of the entire SSH protocol. It negotiates the key exchange, the encryption to be used, the message authentication algorithm, etc., and provides functions such as encrypted data transfer and server authentication. Products from many vendors that implement the SSH protocol have deficiencies in how they implement it. By sending various malicious packets that are handled during the initial setup, key exchange, and connection phases of this protocol (packets with unusual packet or padding lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc.), a remote attacker may be able to cause an SSH server or client to stop working, or to execute arbitrary code with the privileges of the SSH server or client. However, the impact of this issue depends on each vendor's SSH product. Details are currently unknown, but in the case of SSH Secure Shell from SSH Communications Security, it can lead to crashes of SSH server child processes or of the client. 
Likewise, in the case of F-Secure SSH from F-Secure, the SSH server child process may crash, with the result that the connection between the SSH server and client may be lost. However, the client can connect again by retrying the connection. At this time, the effect on the Windows editions of SSH Secure Shell and F-Secure SSH is unknown. OpenSSH is not affected by this issue. In the case of Cisco IOS, the SSH server is disabled by default, so the default configuration is not affected by this issue. Please refer to the “Overview” for the impact of this vulnerability. Multiple vendor SSH2 implementations are reported to be prone to buffer overflows. These buffer overflows are alleged to be exploitable prior to authentication. These conditions were discovered during tests of the initialization, key exchange, and negotiation phases (KEX, KEXINIT) of an SSH2 transaction between client and server. These issues are known to affect various client and server implementations of the protocol. Further details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations
Original issue date: December 16, 2002 Last revised: -- Source: CERT/CC
A complete revision history is at the end of this file.
I. It provides strong encryption, cryptographic host authentication, and integrity protection.... SSHredder was primarily designed to test key exchange and other processes that are specific to version 2 of the SSH protocol; however, certain classes of tests are also applicable to version 1.
Rapid7 has published a detailed advisory (R7-0009) and the SSHredder test suite.
Common Vulnerabilities and Exposures (CVE) has assigned the following candidate numbers for several classes of tests performed by SSHredder:
* CAN-2002-1357 - incorrect field lengths
* CAN-2002-1358 - lists with empty elements or multiple separators
* CAN-2002-1359 - "classic" buffer overflows
* CAN-2002-1360 - null characters in strings
II. On Microsoft Windows systems, SSH servers commonly run with SYSTEM privileges, and on UNIX systems, SSH daemons typically run with root privileges.
III. Solution
Apply a patch or upgrade
Apply the appropriate patch or upgrade as specified by your vendor. See Appendix A below and the Systems Affected section of VU#389665 for specific information.
Restrict access
Limit access to SSH servers to trusted hosts and networks using firewalls or other packet-filtering systems. Some SSH servers may have the ability to restrict access based on IP addresses, or similar effects may be achieved by using TCP wrappers or other related technology.
SSH clients can reduce the risk of attacks by only connecting to trusted servers by IP address.
While these workarounds will not prevent exploitation of these vulnerabilities, they will make attacks somewhat more difficult, in part by limiting the number of potential sources of attacks.
Appendix A. Vendor Information
This appendix contains information provided by vendors. When vendors report new information, this section is updated and the changes are noted in the revision history. If a vendor is not listed below, we have not received their comments. The Systems Affected section of VU#389665 contains additional vendor status information.
Cisco Systems, Inc.
The official statement regarding this is that we are not
vulnerable.
Cray Inc.
Cray Inc. supports the OpenSSH product through their Cray Open
Software (COS) package. COS 3.3, available the end of December
2002, is not vulnerable. If a site is concerned, they can contact
their local Cray representive to obtain an early copy of the
OpenSSH contained in COS 3.3.
F-Secure
F-Secure SSH products are not exploitable via these attacks. While
F-Secure SSH versions 3.1.0 build 11 and earlier crash on these
malicious packets, we did not find ways to exploit this to gain
unauthorized access or to run arbitrary code. Furthermore, the
crash occurs in a forked process so the denial of service attacks
are not possible.
Fujitsu
Fujitsu's UXP/V OS is not vulnerable because it does not support
SSH.
IBM
IBM's AIX is not vulnerabible to the issues discussed in CERT
Vulnerability Note VU#389665.
lsh
I've now tried the testsuite with the latest stable release of lsh,
lsh-1.4.2. Both the client and the server seem NOT VULNERABLE.
NetScreen Technologies Inc.
Tested latest versions. Not Vulnerable.
OpenSSH
From my testing it seems that the current version of OpenSSH (3.5)
is not vulnerable to these problems, and some limited testing shows
that no version of OpenSSH is vulnerable.
Pragma Systems, Inc.
December 16, 2002
Rapid 7 and CERT Coordination Center Vulnerability report VU#389665
Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a
possible vulnerability with Version 2.0 of Pragma SecureShell.
Pragma Systems tested Pragma SecureShell 2.0 and the upcoming new
Version 3.0, and found that the attacks did cause a memory access
protection fault on Microsoft platforms.
After research, Pragma Systems corrected the problem.
The problem is corrected in Pragma SecureShell Version 3.0. Any
customers with concerns regarding this vulnerability report should
contact Pragma Systems, Inc at support@pragmasys.com for
information on obtaining an upgrade free of charge. Pragma's web
site is located at www.pragmasys.com and the company can be reached
at 1-512-219-7270.
PuTTY
PuTTY 0.53b addresses vulnerabilities discovered by SSHredder.
Appendix B. References
* CERT/CC Vulnerability Note: VU#389665 -
http://www.kb.cert.org/vuls/id/389665
* Rapid 7 Advisory: R7-0009 -
http://www.rapid7.com/advisories/R7-0009.txt
* Rapid 7 SSHredder test suite -
http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666
* IETF Draft: SSH Transport Layer Protocol -
http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt
* IETF Draft: SSH Protocol Architecture -
http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt
* Privilege Separated OpenSSH -
http://www.citi.umich.edu/u/provos/ssh/privsep.html
_________________________________________________________________
The CERT Coordination Center thanks Rapid7 for researching and reporting these vulnerabilities. ___________
Author: Art Manion.
This document is available from: http://www.cert.org/advisories/CA-2002-36.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright 2002 Carnegie Mellon University.
Revision History
December 16, 2002: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/ PlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd yIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3 xazIo8XEipc= =Nj+0 -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0626",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "eq",
"trust": 2.8,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "securenetterm",
"scope": "eq",
"trust": 1.7,
"vendor": "intersoft",
"version": "5.4.1"
},
{
"model": "shellguard ssh",
"scope": "eq",
"trust": 1.7,
"vendor": "netcomposite",
"version": "3.4.6"
},
{
"model": "winscp",
"scope": "eq",
"trust": 1.7,
"vendor": "winscp",
"version": "2.0.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.0s"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.0st"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.1e"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.1ea"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.1t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.2s"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.2t"
},
{
"model": "secureshell",
"scope": "eq",
"trust": 1.1,
"vendor": "pragma",
"version": "2.0"
},
{
"model": "putty",
"scope": "eq",
"trust": 1.1,
"vendor": "putty",
"version": "0.48"
},
{
"model": "putty",
"scope": "eq",
"trust": 1.1,
"vendor": "putty",
"version": "0.49"
},
{
"model": "putty",
"scope": "eq",
"trust": 1.1,
"vendor": "putty",
"version": "0.53"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ssh client",
"scope": "eq",
"trust": 1.0,
"vendor": "fissh",
"version": "1.0a_for_windows"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f secure",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intersoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pragma",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "putty",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "riverstone",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ssh security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "winscp",
"version": null
},
{
"model": "f-secure ssh",
"scope": "lte",
"trust": 0.8,
"vendor": "f secure",
"version": "3.1.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "tatham putty",
"scope": "eq",
"trust": 0.6,
"vendor": "simon",
"version": "0.53"
},
{
"model": "tatham putty",
"scope": "eq",
"trust": 0.6,
"vendor": "simon",
"version": "0.49"
},
{
"model": "tatham putty",
"scope": "eq",
"trust": 0.6,
"vendor": "simon",
"version": "0.48"
},
{
"model": "systems secureshell",
"scope": "eq",
"trust": 0.6,
"vendor": "pragma",
"version": "2.0"
},
{
"model": "ssh client for windows a",
"scope": "eq",
"trust": 0.6,
"vendor": "fissh",
"version": "1.0"
},
{
"model": "tatham putty b",
"scope": "ne",
"trust": 0.6,
"vendor": "simon",
"version": "0.53"
},
{
"model": "systems secureshell",
"scope": "ne",
"trust": 0.6,
"vendor": "pragma",
"version": "3.0"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.5"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.4"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.4"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.3"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.3"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.2.3"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.2.2"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.2"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.1"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.1"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.2"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.2"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.1"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.1"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0"
},
{
"model": "lsh",
"scope": "ne",
"trust": 0.6,
"vendor": "lsh",
"version": "1.5"
},
{
"model": "securenetterm",
"scope": "ne",
"trust": 0.6,
"vendor": "intersoft",
"version": "5.4.2"
},
{
"model": "ios 12.2",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "winsshd",
"scope": "ne",
"trust": 0.6,
"vendor": "bitvise",
"version": "3.5"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10.2.06"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10.1.02"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.20"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.10"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.10.0.10"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2.111"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.4"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(3)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.4"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.3(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.1(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.1(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.1"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.0"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.6(1)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.6(0)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(3)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(2)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(1)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(0)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(2)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(1)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(0)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.4"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3(5)"
},
{
"model": "ons 15454e optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.14"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.6(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.6(0)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.5"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(3)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(2)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(0)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0(2)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.4"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.3"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.2.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.1.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154542.3(5)"
},
{
"model": "ons ios-based blades",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15454"
},
{
"model": "ons metro edge optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15327"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.14"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.6(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.6(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(3)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(2)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.0(2)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.0(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.0"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.4"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.3"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.2"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.1"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.0"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(1)"
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ea",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1(0.208)"
},
{
"model": "aironet 1t",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "aironet 0t",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "webns .0.06s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10"
},
{
"model": "webns .0.06s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.20"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(1)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(3)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(5)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4.101)"
},
{
"model": "ios 12.2 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea1c",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st7",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "aironet 1t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "securecrt",
"scope": "ne",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.3"
},
{
"model": "vshell",
"scope": "ne",
"trust": 0.3,
"vendor": "van dyke",
"version": "1.2"
},
{
"model": "ttssh",
"scope": "ne",
"trust": 0.3,
"vendor": "ttssh",
"version": "1.5.4"
},
{
"model": "ssh client",
"scope": "eq",
"trust": 0.1,
"vendor": "fissh",
"version": "1.0a for windows"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULMON",
"id": "CVE-2002-1359"
},
{
"db": "BID",
"id": "6407"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000324"
},
{
"db": "NVD",
"id": "CVE-2002-1359"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-041"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1359"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rapid 7 Security Advisories\u203b advisory@rapid7.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-041"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1359",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2002-1359",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-5744",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-1359",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1359",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#389665",
"trust": 0.8,
"value": "11.04"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-041",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-5744",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2002-1359",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5744"
},
{
"db": "VULMON",
"id": "CVE-2002-1359"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000324"
},
{
"db": "NVD",
"id": "CVE-2002-1359"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-041"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ TCP/IP Used by higher layers SSH The transport layer protocol is SSH This is the protocol that forms the basis of the entire protocol. Key exchange, encryption technology to be used, message authentication algorithm, etc. have been agreed, and functions such as encrypted data transfer and server authentication are provided. Provided by many vendors SSH There is a deficiency in the implementation method in products that implement the protocol. Remote attackers are responsible for various malicious packets that are handled during the initial setup, key exchange, and connection phase related to this protocol. ( Packet length padding Packets with unusual lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc. ) By sending SSH Cause a server or client to go out of service, and SSH It is possible to execute arbitrary code with the execution authority of the server or client. However, the impact of this issue is provided by each vendor SSH It depends on the product. Details are currently unknown, SSH Communications Security Provided by SSH Secure Shell in the case of, SSH It can lead to server child processes or client crashes. 
Also F-Secure of F-Secure SSH In the case of, SSH If you use both products as a result, it may cause the server child process to crash, SSH The connection between the server and client may be lost. However, the client can connect by trying to reconnect. At this time, SSH Secure Shell and F-Secure SSH of Windows The effect of the edition is unknown. OpenSSH Is not affected by this issue. Cisco IOS In the case of SSH Because the server is disabled, the default setting is not affected by this issue.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. Multiple vendor SSH2 implementations are reported to be prone to buffer overflows. These buffer overflows are alleged to be exploitable prior to authentication. \nThese conditions were discovered during tests of the initialization, key exchange, and negotiation phases (KEX, KEXINIT) of a SSH2 transaction between client and server. These issues are known to affect various client and server implementations of the protocol. \nFurther details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\n\nCERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations\n\n Original issue date: December 16, 2002\n Last revised: --\n Source: CERT/CC\n\n A complete revision history is at the end of this file. \n\n\nI. \n It provides strong encryption, cryptographic host authentication,\n and integrity protection.... \n SSHredder was primarily designed to test key exchange and other\n processes that are specific to version 2 of the SSH protocol; however,\n certain classes of tests are also applicable to version 1. \n\n Rapid7 has published a detailed advisory (R7-0009) and the SSHredder\n test suite. 
\n\n Common Vulnerabilities and Exposures (CVE) has assigned the following\n candidate numbers for several classes of tests performed by SSHredder:\n\n * CAN-2002-1357 - incorrect field lengths\n * CAN-2002-1358 - lists with empty elements or multiple separators\n * CAN-2002-1359 - \"classic\" buffer overflows\n * CAN-2002-1360 - null characters in strings\n\n\nII. On\n Microsoft Windows systems, SSH servers commonly run with SYSTEM\n privileges, and on UNIX systems, SSH daemons typically run with root\n privileges. \n\n\nIII. Solution\n\nApply a patch or upgrade\n\n Apply the appropriate patch or upgrade as specified by your vendor. \n See Appendix A below and the Systems Affected section of VU#389665 for\n specific information. \n\nRestrict access\n\n Limit access to SSH servers to trusted hosts and networks using\n firewalls or other packet-filtering systems. Some SSH servers may have\n the ability to restrict access based on IP addresses, or similar\n effects may be achieved by using TCP wrappers or other related\n technology. \n\n SSH clients can reduce the risk of attacks by only connecting to\n trusted servers by IP address. \n\n While these workarounds will not prevent exploitation of these\n vulnerabilities, they will make attacks somewhat more difficult, in\n part by limiting the number of potential sources of attacks. \n\n\nAppendix A. Vendor Information\n\n This appendix contains information provided by vendors. When vendors\n report new information, this section is updated and the changes are\n noted in the revision history. If a vendor is not listed below, we\n have not received their comments. The Systems Affected section of\n VU#389665 contains additional vendor status information. \n\nCisco Systems, Inc. \n\n The official statement regarding this is that we are not\n vulnerable. \n\nCray Inc. \n\n Cray Inc. supports the OpenSSH product through their Cray Open\n Software (COS) package. 
COS 3.3, available the end of December\n 2002, is not vulnerable. If a site is concerned, they can contact\n their local Cray representive to obtain an early copy of the\n OpenSSH contained in COS 3.3. \n\nF-Secure\n\n F-Secure SSH products are not exploitable via these attacks. While\n F-Secure SSH versions 3.1.0 build 11 and earlier crash on these\n malicious packets, we did not find ways to exploit this to gain\n unauthorized access or to run arbitrary code. Furthermore, the\n crash occurs in a forked process so the denial of service attacks\n are not possible. \n\nFujitsu\n\n Fujitsu\u0027s UXP/V OS is not vulnerable because it does not support\n SSH. \n\nIBM\n\n IBM\u0027s AIX is not vulnerabible to the issues discussed in CERT\n Vulnerability Note VU#389665. \n\nlsh\n\n I\u0027ve now tried the testsuite with the latest stable release of lsh,\n lsh-1.4.2. Both the client and the server seem NOT VULNERABLE. \n\nNetScreen Technologies Inc. \n\n Tested latest versions. Not Vulnerable. \n\nOpenSSH\n\n From my testing it seems that the current version of OpenSSH (3.5)\n is not vulnerable to these problems, and some limited testing shows\n that no version of OpenSSH is vulnerable. \n\nPragma Systems, Inc. \n\n December 16, 2002\n\n Rapid 7 and CERT Coordination Center Vulnerability report VU#389665\n\n Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a\n possible vulnerability with Version 2.0 of Pragma SecureShell. \n Pragma Systems tested Pragma SecureShell 2.0 and the upcoming new\n Version 3.0, and found that the attacks did cause a memory access\n protection fault on Microsoft platforms. \n\n After research, Pragma Systems corrected the problem. \n\n The problem is corrected in Pragma SecureShell Version 3.0. Any\n customers with concerns regarding this vulnerability report should\n contact Pragma Systems, Inc at support@pragmasys.com for\n information on obtaining an upgrade free of charge. 
Pragma\u0027s web\n site is located at www.pragmasys.com and the company can be reached\n at 1-512-219-7270. \n\nPuTTY\n\n PuTTY 0.53b addresses vulnerabilities discovered by SSHredder. \n\n\nAppendix B. References\n\n * CERT/CC Vulnerability Note: VU#389665 -\n http://www.kb.cert.org/vuls/id/389665\n * Rapid 7 Advisory: R7-0009 -\n http://www.rapid7.com/advisories/R7-0009.txt\n * Rapid 7 SSHredder test suite -\n http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666\n * IETF Draft: SSH Transport Layer Protocol -\n http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. \n txt\n * IETF Draft: SSH Protocol Architecture -\n http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-\n 13.txt\n * Privilege Separated OpenSSH -\n http://www.citi.umich.edu/u/provos/ssh/privsep.html\n\n _________________________________________________________________\n\n The CERT Coordination Center thanks Rapid7 for researching and\n reporting these vulnerabilities. \n _________________________________________________________________\n\n Author: Art Manion. \n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2002-36.html\n ______________________________________________________________________\n\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. 
\n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2002 Carnegie Mellon University. \n\n Revision History\n\n December 16, 2002: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/\nPlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd\nyIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3\nxazIo8XEipc=\n=Nj+0\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1359"
},
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000324"
},
{
"db": "BID",
"id": "6407"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "VULHUB",
"id": "VHN-5744"
},
{
"db": "VULMON",
"id": "CVE-2002-1359"
},
{
"db": "PACKETSTORM",
"id": "30625"
}
],
"trust": 3.15
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=1788",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-5744",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5744"
},
{
"db": "VULMON",
"id": "CVE-2002-1359"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "6407",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2002-1359",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1005812",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1005813",
"trust": 1.8
},
{
"db": "CERT/CC",
"id": "VU#389665",
"trust": 1.7
},
{
"db": "BID",
"id": "6397",
"trust": 1.1
},
{
"db": "BID",
"id": "6410",
"trust": 0.8
},
{
"db": "BID",
"id": "6408",
"trust": 0.8
},
{
"db": "BID",
"id": "6405",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000324",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200212-041",
"trust": 0.7
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:5848",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2002-36",
"trust": 0.6
},
{
"db": "VULNWATCH",
"id": "20021216 R7-0009: VULNERABILITIES IN SSH2 IMPLEMENTATIONS FROM MULTIPLE VENDORS",
"trust": 0.6
},
{
"db": "XF",
"id": "10870",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "1788",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "16463",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83008",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-70977",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-63554",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5744",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2002-1359",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "30625",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5744"
},
{
"db": "VULMON",
"id": "CVE-2002-1359"
},
{
"db": "BID",
"id": "6407"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000324"
},
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "NVD",
"id": "CVE-2002-1359"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-041"
}
]
},
"id": "VAR-200212-0626",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5744"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:13:58.101000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ssh-packet-suite-vuln",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml"
},
{
"title": "2003120403",
"trust": 0.8,
"url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120403.shtml"
},
{
"title": "303",
"trust": 0.8,
"url": "http://www.ssh.com/company/newsroom/article/303/"
},
{
"title": "ssh-packet-suite-vuln",
"trust": 0.8,
"url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/ssh-packet-suite-vuln-j.shtml"
},
{
"title": "Cisco: SSH Malformed Packet Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20021219-ssh-packet"
},
{
"title": "PuTTY",
"trust": 0.1,
"url": "https://github.com/kaleshashi/putty "
},
{
"title": "PuTTy-",
"trust": 0.1,
"url": "https://github.com/pbr94/putty- "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2002-1359"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000324"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5744"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000324"
},
{
"db": "NVD",
"id": "CVE-2002-1359"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.cert.org/advisories/ca-2002-36.html"
},
{
"trust": 2.6,
"url": "http://www.securityfocus.com/bid/6407"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1005812"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1005813"
},
{
"trust": 1.8,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
},
{
"trust": 1.2,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5848"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10870"
},
{
"trust": 0.9,
"url": "http://www.rapid7.com/advisories/r7-0009.txt"
},
{
"trust": 0.9,
"url": "http://www.rapid7.com/perl/downloadrequest.pl?packagechoice=666"
},
{
"trust": 0.9,
"url": "http://www.citi.umich.edu/u/provos/ssh/privsep.html"
},
{
"trust": 0.9,
"url": "http://www.kb.cert.org/vuls/id/389665"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/n-028.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1359"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr025001.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2002-36"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1359"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6405"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6408"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6397"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6410"
},
{
"trust": 0.6,
"url": "http://www.f-secure.com/"
},
{
"trust": 0.6,
"url": "http://www.ssh.com"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/10870"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5848"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml"
},
{
"trust": 0.3,
"url": "/archive/1/304609"
},
{
"trust": 0.3,
"url": "/archive/1/305241"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/ssh-pragma-sshredder-overflow"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/windows/ssh/putty_msg_debug"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/1788/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20021219-ssh-packet"
},
{
"trust": 0.1,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15."
},
{
"trust": 0.1,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "https://www.pragmasys.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5744"
},
{
"db": "VULMON",
"id": "CVE-2002-1359"
},
{
"db": "BID",
"id": "6407"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000324"
},
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "NVD",
"id": "CVE-2002-1359"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-041"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5744"
},
{
"db": "VULMON",
"id": "CVE-2002-1359"
},
{
"db": "BID",
"id": "6407"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000324"
},
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "NVD",
"id": "CVE-2002-1359"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-041"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-16T00:00:00",
"db": "CERT/CC",
"id": "VU#389665"
},
{
"date": "2002-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-5744"
},
{
"date": "2002-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2002-1359"
},
{
"date": "2002-12-16T00:00:00",
"db": "BID",
"id": "6407"
},
{
"date": "2002-12-16T00:00:00",
"db": "BID",
"id": "6397"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000324"
},
{
"date": "2002-12-21T10:23:09",
"db": "PACKETSTORM",
"id": "30625"
},
{
"date": "2002-12-23T05:00:00",
"db": "NVD",
"id": "CVE-2002-1359"
},
{
"date": "2002-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-041"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-06-18T00:00:00",
"db": "CERT/CC",
"id": "VU#389665"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-5744"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULMON",
"id": "CVE-2002-1359"
},
{
"date": "2009-07-11T19:16:00",
"db": "BID",
"id": "6407"
},
{
"date": "2002-12-16T00:00:00",
"db": "BID",
"id": "6397"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000324"
},
{
"date": "2017-10-11T01:29:03.747000",
"db": "NVD",
"id": "CVE-2002-1359"
},
{
"date": "2009-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-041"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-041"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vendors\u0027 SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization",
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-041"
}
],
"trust": 0.6
}
}
VAR-200212-0627
Vulnerability from variot - Updated: 2023-12-18 12:13
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ The SSH transport layer protocol, used in the layer above TCP/IP, is the protocol that forms the basis of the entire SSH protocol. It negotiates the key exchange, the encryption technology to be used, the message authentication algorithm, etc., and provides functions such as encrypted data transfer and server authentication. Products from many vendors that implement the SSH protocol have a deficiency in how they implement it. By sending various malicious packets that are handled during the initial setup, key exchange, and connection phases of this protocol (packets with unusual packet lengths or padding lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc.), a remote attacker can cause an SSH server or client to go out of service, and it is possible to execute arbitrary code with the execution privileges of the SSH server or client. However, the impact of this issue depends on the SSH product provided by each vendor.
Details are currently unknown, but in the case of SSH Secure Shell provided by SSH Communications Security, it can lead to crashes of SSH server child processes or of the client. Also, in the case of F-Secure's F-Secure SSH, if both products are used, the SSH server child process may crash and, as a result, the connection between the SSH server and client may be lost. However, the client can connect again by retrying the connection. At this time, the effect on the Windows editions of SSH Secure Shell and F-Secure SSH is unknown. OpenSSH is not affected by this issue. In the case of Cisco IOS, the SSH server is disabled by default, so the default setting is not affected by this issue. Please refer to the “Overview” for the impact of this vulnerability. Multiple vendor SSH2 implementations are reported to be prone to issues related to the handling of null characters in strings. These issues may be used to cause unpredictable behavior to occur, such as a denial of service or memory corruption. It is reportedly possible to trigger these conditions prior to authentication. These conditions were discovered during tests of the initialization, key exchange, and negotiation phases (KEX, KEXINIT) of a SSH2 transaction between client and server. These issues are known to affect various client and server implementations of the protocol. Further details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations
Original issue date: December 16, 2002 Last revised: -- Source: CERT/CC
A complete revision history is at the end of this file.
I. It provides strong encryption, cryptographic host authentication, and integrity protection.... These vulnerabilities include buffer overflows, and they occur before any user authentication takes place. SSHredder was primarily designed to test key exchange and other processes that are specific to version 2 of the SSH protocol; however, certain classes of tests are also applicable to version 1.
Rapid7 has published a detailed advisory (R7-0009) and the SSHredder test suite.
Common Vulnerabilities and Exposures (CVE) has assigned the following candidate numbers for several classes of tests performed by SSHredder:
* CAN-2002-1357 - incorrect field lengths
* CAN-2002-1358 - lists with empty elements or multiple separators
* CAN-2002-1359 - "classic" buffer overflows
* CAN-2002-1360 - null characters in strings
II. On Microsoft Windows systems, SSH servers commonly run with SYSTEM privileges, and on UNIX systems, SSH daemons typically run with root privileges.
III. Solution
Apply a patch or upgrade
Apply the appropriate patch or upgrade as specified by your vendor. See Appendix A below and the Systems Affected section of VU#389665 for specific information.
Restrict access
Limit access to SSH servers to trusted hosts and networks using firewalls or other packet-filtering systems. Some SSH servers may have the ability to restrict access based on IP addresses, or similar effects may be achieved by using TCP wrappers or other related technology.
SSH clients can reduce the risk of attacks by only connecting to trusted servers by IP address.
While these workarounds will not prevent exploitation of these vulnerabilities, they will make attacks somewhat more difficult, in part by limiting the number of potential sources of attacks.
Appendix A. Vendor Information
This appendix contains information provided by vendors. When vendors report new information, this section is updated and the changes are noted in the revision history. If a vendor is not listed below, we have not received their comments. The Systems Affected section of VU#389665 contains additional vendor status information.
Cisco Systems, Inc.
The official statement regarding this is that we are not
vulnerable.
Cray Inc.
Cray Inc. supports the OpenSSH product through their Cray Open
Software (COS) package. COS 3.3, available the end of December
2002, is not vulnerable. If a site is concerned, they can contact
their local Cray representive to obtain an early copy of the
OpenSSH contained in COS 3.3.
F-Secure
F-Secure SSH products are not exploitable via these attacks. While
F-Secure SSH versions 3.1.0 build 11 and earlier crash on these
malicious packets, we did not find ways to exploit this to gain
unauthorized access or to run arbitrary code. Furthermore, the
crash occurs in a forked process so the denial of service attacks
are not possible.
Fujitsu
Fujitsu's UXP/V OS is not vulnerable because it does not support
SSH.
IBM
IBM's AIX is not vulnerabible to the issues discussed in CERT
Vulnerability Note VU#389665.
lsh
I've now tried the testsuite with the latest stable release of lsh,
lsh-1.4.2. Both the client and the server seem NOT VULNERABLE.
NetScreen Technologies Inc.
Tested latest versions. Not Vulnerable.
OpenSSH
From my testing it seems that the current version of OpenSSH (3.5)
is not vulnerable to these problems, and some limited testing shows
that no version of OpenSSH is vulnerable.
Pragma Systems, Inc.
December 16, 2002
Rapid 7 and CERT Coordination Center Vulnerability report VU#389665
Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a
possible vulnerability with Version 2.0 of Pragma SecureShell.
Pragma Systems tested Pragma SecureShell 2.0 and the upcoming new
Version 3.0, and found that the attacks did cause a memory access
protection fault on Microsoft platforms.
After research, Pragma Systems corrected the problem.
The problem is corrected in Pragma SecureShell Version 3.0. Any
customers with concerns regarding this vulnerability report should
contact Pragma Systems, Inc at support@pragmasys.com for
information on obtaining an upgrade free of charge. Pragma's web
site is located at www.pragmasys.com and the company can be reached
at 1-512-219-7270.
PuTTY
PuTTY 0.53b addresses vulnerabilities discovered by SSHredder.
Appendix B. References
* CERT/CC Vulnerability Note: VU#389665 -
http://www.kb.cert.org/vuls/id/389665
* Rapid 7 Advisory: R7-0009 -
http://www.rapid7.com/advisories/R7-0009.txt
* Rapid 7 SSHredder test suite -
http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666
* IETF Draft: SSH Transport Layer Protocol -
http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.
txt
* IETF Draft: SSH Protocol Architecture -
http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-
13.txt
* Privilege Separated OpenSSH -
http://www.citi.umich.edu/u/provos/ssh/privsep.html
_________________________________________________________________
The CERT Coordination Center thanks Rapid7 for researching and reporting these vulnerabilities. ___________
Author: Art Manion.
This document is available from: http://www.cert.org/advisories/CA-2002-36.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright 2002 Carnegie Mellon University.
Revision History
December 16, 2002: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/ PlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd yIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3 xazIo8XEipc= =Nj+0 -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0627",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "eq",
"trust": 2.8,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "securenetterm",
"scope": "eq",
"trust": 1.7,
"vendor": "intersoft",
"version": "5.4.1"
},
{
"model": "shellguard ssh",
"scope": "eq",
"trust": 1.7,
"vendor": "netcomposite",
"version": "3.4.6"
},
{
"model": "winscp",
"scope": "eq",
"trust": 1.7,
"vendor": "winscp",
"version": "2.0.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.0s"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.0st"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.1e"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.1ea"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.1t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.2s"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "12.2t"
},
{
"model": "secureshell",
"scope": "eq",
"trust": 1.1,
"vendor": "pragma",
"version": "2.0"
},
{
"model": "putty",
"scope": "eq",
"trust": 1.1,
"vendor": "putty",
"version": "0.48"
},
{
"model": "putty",
"scope": "eq",
"trust": 1.1,
"vendor": "putty",
"version": "0.49"
},
{
"model": "putty",
"scope": "eq",
"trust": 1.1,
"vendor": "putty",
"version": "0.53"
},
{
"model": "ssh client",
"scope": "eq",
"trust": 1.0,
"vendor": "fissh",
"version": "1.0a_for_windows"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f secure",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intersoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pragma",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "putty",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "riverstone",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ssh security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "winscp",
"version": null
},
{
"model": "f-secure ssh",
"scope": "lte",
"trust": 0.8,
"vendor": "f secure",
"version": "3.1.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "tatham putty",
"scope": "eq",
"trust": 0.6,
"vendor": "simon",
"version": "0.53"
},
{
"model": "tatham putty",
"scope": "eq",
"trust": 0.6,
"vendor": "simon",
"version": "0.49"
},
{
"model": "tatham putty",
"scope": "eq",
"trust": 0.6,
"vendor": "simon",
"version": "0.48"
},
{
"model": "systems secureshell",
"scope": "eq",
"trust": 0.6,
"vendor": "pragma",
"version": "2.0"
},
{
"model": "ssh client for windows a",
"scope": "eq",
"trust": 0.6,
"vendor": "fissh",
"version": "1.0"
},
{
"model": "tatham putty b",
"scope": "ne",
"trust": 0.6,
"vendor": "simon",
"version": "0.53"
},
{
"model": "systems secureshell",
"scope": "ne",
"trust": 0.6,
"vendor": "pragma",
"version": "3.0"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.5"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.4"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.4"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.3"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.3"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.2.3"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.2.2"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.2"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.1"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.1"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.2"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.2"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.1"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.1"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0"
},
{
"model": "lsh",
"scope": "ne",
"trust": 0.6,
"vendor": "lsh",
"version": "1.5"
},
{
"model": "securenetterm",
"scope": "ne",
"trust": 0.6,
"vendor": "intersoft",
"version": "5.4.2"
},
{
"model": "winsshd",
"scope": "ne",
"trust": 0.6,
"vendor": "bitvise",
"version": "3.5"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.3(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.1(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.1(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.1"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.0"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.6(1)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.6(0)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(3)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(2)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(1)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(0)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(2)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(1)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(0)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.4"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3(5)"
},
{
"model": "ons 15454e optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.14"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.6(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.6(0)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.5"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(3)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(2)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(0)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0(2)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.4"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.3"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.2.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.1.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154542.3(5)"
},
{
"model": "ons ios-based blades",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15454"
},
{
"model": "ons metro edge optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15327"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.14"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.6(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.6(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(3)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(2)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.0(2)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.0(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.0"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.4"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.3"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.2"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.1"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.0"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ea",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "securecrt",
"scope": "ne",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.3"
},
{
"model": "vshell",
"scope": "ne",
"trust": 0.3,
"vendor": "van dyke",
"version": "1.2"
},
{
"model": "ttssh",
"scope": "ne",
"trust": 0.3,
"vendor": "ttssh",
"version": "1.5.4"
},
{
"model": "ssh client",
"scope": "eq",
"trust": 0.1,
"vendor": "fissh",
"version": "1.0a for windows"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULMON",
"id": "CVE-2002-1360"
},
{
"db": "BID",
"id": "6410"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000325"
},
{
"db": "NVD",
"id": "CVE-2002-1360"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-049"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1360"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rapid 7 Security Advisories\u203b advisory@rapid7.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-049"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1360",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2002-1360",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-5745",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-1360",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1360",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#389665",
"trust": 0.8,
"value": "11.04"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-049",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-5745",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2002-1360",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5745"
},
{
"db": "VULMON",
"id": "CVE-2002-1360"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000325"
},
{
"db": "NVD",
"id": "CVE-2002-1360"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-049"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ The SSH transport layer protocol, which runs in the layer above TCP/IP, is the protocol that forms the basis of the entire SSH protocol. It negotiates the key exchange, the encryption technology to be used, the message authentication algorithm, etc., and provides functions such as encrypted data transfer and server authentication. Products from many vendors that implement the SSH protocol have deficiencies in their implementations. By sending various malicious packets that are handled during the initial setup, key exchange, and connection phases of this protocol (packets with unusual packet or padding lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc.), a remote attacker can cause an SSH server or client to go out of service, and it is possible to execute arbitrary code with the privileges of the SSH server or client. However, the impact of this issue depends on the SSH product provided by each vendor. 
Details are currently unknown, but in the case of SSH Secure Shell provided by SSH Communications Security, it can lead to crashes of SSH server child processes or of the client. Also, in the case of F-Secure SSH from F-Secure, if both products are used, the server child process may crash as a result, and the connection between the SSH server and client may be lost. However, the client can connect by trying to reconnect. At this time, the effect on the Windows editions of SSH Secure Shell and F-Secure SSH is unknown. OpenSSH is not affected by this issue. In the case of Cisco IOS, the SSH server is disabled by default, so the default setting is not affected by this issue. Please refer to the \u201cOverview\u201d for the impact of this vulnerability. Multiple vendor SSH2 implementations are reported to be prone to issues related to the handling of null characters in strings. These issues may be used to cause unpredictable behavior to occur, such as a denial of service or memory corruption. It is reportedly possible to trigger these conditions prior to authentication. \nThese conditions were discovered during tests of the initialization, key exchange, and negotiation phases (KEX, KEXINIT) of a SSH2 transaction between client and server. These issues are known to affect various client and server implementations of the protocol. \nFurther details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\n\nCERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations\n\n Original issue date: December 16, 2002\n Last revised: --\n Source: CERT/CC\n\n A complete revision history is at the end of this file. \n\n\nI. \n It provides strong encryption, cryptographic host authentication,\n and integrity protection.... 
These vulnerabilities include buffer\n overflows, and they occur before any user authentication takes place. \n SSHredder was primarily designed to test key exchange and other\n processes that are specific to version 2 of the SSH protocol; however,\n certain classes of tests are also applicable to version 1. \n\n Rapid7 has published a detailed advisory (R7-0009) and the SSHredder\n test suite. \n\n Common Vulnerabilities and Exposures (CVE) has assigned the following\n candidate numbers for several classes of tests performed by SSHredder:\n\n * CAN-2002-1357 - incorrect field lengths\n * CAN-2002-1358 - lists with empty elements or multiple separators\n * CAN-2002-1359 - \"classic\" buffer overflows\n * CAN-2002-1360 - null characters in strings\n\n\nII. On\n Microsoft Windows systems, SSH servers commonly run with SYSTEM\n privileges, and on UNIX systems, SSH daemons typically run with root\n privileges. \n\n\nIII. Solution\n\nApply a patch or upgrade\n\n Apply the appropriate patch or upgrade as specified by your vendor. \n See Appendix A below and the Systems Affected section of VU#389665 for\n specific information. \n\nRestrict access\n\n Limit access to SSH servers to trusted hosts and networks using\n firewalls or other packet-filtering systems. Some SSH servers may have\n the ability to restrict access based on IP addresses, or similar\n effects may be achieved by using TCP wrappers or other related\n technology. \n\n SSH clients can reduce the risk of attacks by only connecting to\n trusted servers by IP address. \n\n While these workarounds will not prevent exploitation of these\n vulnerabilities, they will make attacks somewhat more difficult, in\n part by limiting the number of potential sources of attacks. \n\n\nAppendix A. Vendor Information\n\n This appendix contains information provided by vendors. When vendors\n report new information, this section is updated and the changes are\n noted in the revision history. 
If a vendor is not listed below, we\n have not received their comments. The Systems Affected section of\n VU#389665 contains additional vendor status information. \n\nCisco Systems, Inc. \n\n The official statement regarding this is that we are not\n vulnerable. \n\nCray Inc. \n\n Cray Inc. supports the OpenSSH product through their Cray Open\n Software (COS) package. COS 3.3, available the end of December\n 2002, is not vulnerable. If a site is concerned, they can contact\n their local Cray representive to obtain an early copy of the\n OpenSSH contained in COS 3.3. \n\nF-Secure\n\n F-Secure SSH products are not exploitable via these attacks. While\n F-Secure SSH versions 3.1.0 build 11 and earlier crash on these\n malicious packets, we did not find ways to exploit this to gain\n unauthorized access or to run arbitrary code. Furthermore, the\n crash occurs in a forked process so the denial of service attacks\n are not possible. \n\nFujitsu\n\n Fujitsu\u0027s UXP/V OS is not vulnerable because it does not support\n SSH. \n\nIBM\n\n IBM\u0027s AIX is not vulnerabible to the issues discussed in CERT\n Vulnerability Note VU#389665. \n\nlsh\n\n I\u0027ve now tried the testsuite with the latest stable release of lsh,\n lsh-1.4.2. Both the client and the server seem NOT VULNERABLE. \n\nNetScreen Technologies Inc. \n\n Tested latest versions. Not Vulnerable. \n\nOpenSSH\n\n From my testing it seems that the current version of OpenSSH (3.5)\n is not vulnerable to these problems, and some limited testing shows\n that no version of OpenSSH is vulnerable. \n\nPragma Systems, Inc. \n\n December 16, 2002\n\n Rapid 7 and CERT Coordination Center Vulnerability report VU#389665\n\n Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a\n possible vulnerability with Version 2.0 of Pragma SecureShell. 
\n Pragma Systems tested Pragma SecureShell 2.0 and the upcoming new\n Version 3.0, and found that the attacks did cause a memory access\n protection fault on Microsoft platforms. \n\n After research, Pragma Systems corrected the problem. \n\n The problem is corrected in Pragma SecureShell Version 3.0. Any\n customers with concerns regarding this vulnerability report should\n contact Pragma Systems, Inc at support@pragmasys.com for\n information on obtaining an upgrade free of charge. Pragma\u0027s web\n site is located at www.pragmasys.com and the company can be reached\n at 1-512-219-7270. \n\nPuTTY\n\n PuTTY 0.53b addresses vulnerabilities discovered by SSHredder. \n\n\nAppendix B. References\n\n * CERT/CC Vulnerability Note: VU#389665 -\n http://www.kb.cert.org/vuls/id/389665\n * Rapid 7 Advisory: R7-0009 -\n http://www.rapid7.com/advisories/R7-0009.txt\n * Rapid 7 SSHredder test suite -\n http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666\n * IETF Draft: SSH Transport Layer Protocol -\n http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. \n txt\n * IETF Draft: SSH Protocol Architecture -\n http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-\n 13.txt\n * Privilege Separated OpenSSH -\n http://www.citi.umich.edu/u/provos/ssh/privsep.html\n\n _________________________________________________________________\n\n The CERT Coordination Center thanks Rapid7 for researching and\n reporting these vulnerabilities. \n _________________________________________________________________\n\n Author: Art Manion. 
\n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2002-36.html\n ______________________________________________________________________\n\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. 
Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2002 Carnegie Mellon University. \n\n Revision History\n\n December 16, 2002: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/\nPlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd\nyIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3\nxazIo8XEipc=\n=Nj+0\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1360"
},
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000325"
},
{
"db": "BID",
"id": "6410"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "VULHUB",
"id": "VHN-5745"
},
{
"db": "VULMON",
"id": "CVE-2002-1360"
},
{
"db": "PACKETSTORM",
"id": "30625"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-1360",
"trust": 2.9
},
{
"db": "CERT/CC",
"id": "VU#389665",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1005813",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1005812",
"trust": 1.7
},
{
"db": "BID",
"id": "6410",
"trust": 1.2
},
{
"db": "BID",
"id": "6397",
"trust": 1.1
},
{
"db": "BID",
"id": "6407",
"trust": 0.8
},
{
"db": "BID",
"id": "6408",
"trust": 0.8
},
{
"db": "BID",
"id": "6405",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000325",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200212-049",
"trust": 0.7
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:5797",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2002-36",
"trust": 0.6
},
{
"db": "VULNWATCH",
"id": "20021216 R7-0009: VULNERABILITIES IN SSH2 IMPLEMENTATIONS FROM MULTIPLE VENDORS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5745",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2002-1360",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "30625",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5745"
},
{
"db": "VULMON",
"id": "CVE-2002-1360"
},
{
"db": "BID",
"id": "6410"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000325"
},
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "NVD",
"id": "CVE-2002-1360"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-049"
}
]
},
"id": "VAR-200212-0627",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5745"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:13:58.052000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ssh-packet-suite-vuln",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml"
},
{
"title": "2003120403",
"trust": 0.8,
"url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120403.shtml"
},
{
"title": "303",
"trust": 0.8,
"url": "http://www.ssh.com/company/newsroom/article/303/"
},
{
"title": "ssh-packet-suite-vuln",
"trust": 0.8,
"url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/ssh-packet-suite-vuln-j.shtml"
},
{
"title": "Cisco: SSH Malformed Packet Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20021219-ssh-packet"
},
{
"title": "PuTTY",
"trust": 0.1,
"url": "https://github.com/kaleshashi/putty "
},
{
"title": "PuTTy-",
"trust": 0.1,
"url": "https://github.com/pbr94/putty- "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2002-1360"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000325"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5745"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000325"
},
{
"db": "NVD",
"id": "CVE-2002-1360"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.cert.org/advisories/ca-2002-36.html"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1005812"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1005813"
},
{
"trust": 1.8,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
},
{
"trust": 1.2,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5797"
},
{
"trust": 0.9,
"url": "http://www.rapid7.com/advisories/r7-0009.txt"
},
{
"trust": 0.9,
"url": "http://www.rapid7.com/perl/downloadrequest.pl?packagechoice=666"
},
{
"trust": 0.9,
"url": "http://www.citi.umich.edu/u/provos/ssh/privsep.html"
},
{
"trust": 0.9,
"url": "http://www.kb.cert.org/vuls/id/389665"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/n-028.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1360"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr025001.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2002-36"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1360"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6410"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6407"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6405"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6408"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6397"
},
{
"trust": 0.6,
"url": "http://www.f-secure.com/"
},
{
"trust": 0.6,
"url": "http://www.ssh.com"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5797"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml"
},
{
"trust": 0.3,
"url": "/archive/1/305241"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/cisco-sshredder-dos"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/kaleshashi/putty"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20021219-ssh-packet"
},
{
"trust": 0.1,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15."
},
{
"trust": 0.1,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "https://www.pragmasys.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5745"
},
{
"db": "VULMON",
"id": "CVE-2002-1360"
},
{
"db": "BID",
"id": "6410"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000325"
},
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "NVD",
"id": "CVE-2002-1360"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-049"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5745"
},
{
"db": "VULMON",
"id": "CVE-2002-1360"
},
{
"db": "BID",
"id": "6410"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000325"
},
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "NVD",
"id": "CVE-2002-1360"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-049"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-16T00:00:00",
"db": "CERT/CC",
"id": "VU#389665"
},
{
"date": "2002-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-5745"
},
{
"date": "2002-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2002-1360"
},
{
"date": "2002-12-16T00:00:00",
"db": "BID",
"id": "6410"
},
{
"date": "2002-12-16T00:00:00",
"db": "BID",
"id": "6397"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000325"
},
{
"date": "2002-12-21T10:23:09",
"db": "PACKETSTORM",
"id": "30625"
},
{
"date": "2002-12-23T05:00:00",
"db": "NVD",
"id": "CVE-2002-1360"
},
{
"date": "2002-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-049"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-06-18T00:00:00",
"db": "CERT/CC",
"id": "VU#389665"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-5745"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULMON",
"id": "CVE-2002-1360"
},
{
"date": "2009-07-11T19:16:00",
"db": "BID",
"id": "6410"
},
{
"date": "2002-12-16T00:00:00",
"db": "BID",
"id": "6397"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000325"
},
{
"date": "2017-10-11T01:29:03.807000",
"db": "NVD",
"id": "CVE-2002-1360"
},
{
"date": "2009-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-049"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-049"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vendors\u0027 SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization",
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-049"
}
],
"trust": 0.6
}
}
VAR-200212-0625
Vulnerability from variot - Updated: 2023-12-18 12:13
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it therefore also contains vulnerability information beyond what the title describes. ------------ The SSH transport layer protocol, which is used at a layer above TCP/IP, is the protocol that forms the basis of the entire SSH protocol. It negotiates the key exchange, the encryption to be used, the message authentication algorithm and so on, and provides functions such as encrypted data transfer and server authentication. Products from many vendors that implement the SSH protocol contain flaws in their implementation. The issues are triggered by various malicious packets sent by a remote attacker and processed during the initial setup, key exchange and connection phases of this protocol (packets with unusual packet or padding lengths, packets with malformed strings or inserted values, packets for which the algorithm is not properly defined, and so on). The impact of this issue, however, depends on each vendor's SSH product. Details are currently unknown, but in the case of SSH Secure Shell from SSH Communications Security it can lead to a crash of the SSH server child process or of the client. In the case of F-Secure's F-Secure SSH it may likewise cause the SSH server child process to crash; as a result, with both products the connection between the SSH server and the client may be lost.
However, the client can connect again by retrying the connection. At this time, the effect on the Windows editions of SSH Secure Shell and F-Secure SSH is unknown. OpenSSH is not affected by this issue. On Cisco IOS the SSH server is disabled by default, so the default configuration is not affected by this issue. Please refer to the “Overview” for the impact of this vulnerability. A vulnerability has been reported for multiple SSH2 vendors. The vulnerability is a result of SSH2 packets containing empty elements/multiple separators. The vulnerability has been reported to affect initialization, key exchange, and negotiation phases of SSH communications. Further details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations
Original issue date: December 16, 2002 Last revised: -- Source: CERT/CC
A complete revision history is at the end of this file.
I. Description (excerpt): The SSH transport layer provides strong encryption, cryptographic host authentication, and integrity protection. [...] These vulnerabilities include buffer overflows, and they occur before any user authentication takes place. SSHredder was primarily designed to test key exchange and other processes that are specific to version 2 of the SSH protocol; however, certain classes of tests are also applicable to version 1.
Rapid7 has published a detailed advisory (R7-0009) and the SSHredder test suite.
Common Vulnerabilities and Exposures (CVE) has assigned the following candidate numbers for several classes of tests performed by SSHredder:
* CAN-2002-1357 - incorrect field lengths
* CAN-2002-1358 - lists with empty elements or multiple separators
* CAN-2002-1359 - "classic" buffer overflows
* CAN-2002-1360 - null characters in strings
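II. Impact (excerpt): On Microsoft Windows systems, SSH servers commonly run with SYSTEM privileges, and on UNIX systems, SSH daemons typically run with root privileges; this is the privilege level at stake if one of these flaws is exploited in the server process.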
III. Solution
Apply a patch or upgrade
Apply the appropriate patch or upgrade as specified by your vendor. See Appendix A below and the Systems Affected section of VU#389665 for specific information.
Restrict access
Limit access to SSH servers to trusted hosts and networks using firewalls or other packet-filtering systems. Some SSH servers may have the ability to restrict access based on IP addresses, or similar effects may be achieved by using TCP wrappers or other related technology.
SSH clients can reduce the risk of attacks by only connecting to trusted servers by IP address.
While these workarounds will not prevent exploitation of these vulnerabilities, they will make attacks somewhat more difficult, in part by limiting the number of potential sources of attacks.
Appendix A. Vendor Information
This appendix contains information provided by vendors. When vendors report new information, this section is updated and the changes are noted in the revision history. If a vendor is not listed below, we have not received their comments. The Systems Affected section of VU#389665 contains additional vendor status information.
Cisco Systems, Inc.
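The official statement regarding this is that we are not
vulnerable.
[Editor's note: the affected-products data in this same entry lists Cisco IOS 12.0–12.2 releases and PIX Firewall as affected, so this excerpted statement should not be read as Cisco's final position; check Cisco's own advisory.]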
Cray Inc.
Cray Inc. supports the OpenSSH product through their Cray Open
Software (COS) package. COS 3.3, available the end of December
2002, is not vulnerable. If a site is concerned, they can contact
their local Cray representative to obtain an early copy of the
OpenSSH contained in COS 3.3.
F-Secure
F-Secure SSH products are not exploitable via these attacks. While
F-Secure SSH versions 3.1.0 build 11 and earlier crash on these
malicious packets, we did not find ways to exploit this to gain
unauthorized access or to run arbitrary code. Furthermore, the
crash occurs in a forked process so the denial of service attacks
are not possible.
Fujitsu
Fujitsu's UXP/V OS is not vulnerable because it does not support
SSH.
IBM
IBM's AIX is not vulnerable to the issues discussed in CERT
Vulnerability Note VU#389665.
lsh
I've now tried the testsuite with the latest stable release of lsh,
lsh-1.4.2. Both the client and the server seem NOT VULNERABLE.
NetScreen Technologies Inc.
Tested latest versions. Not Vulnerable.
OpenSSH
From my testing it seems that the current version of OpenSSH (3.5)
is not vulnerable to these problems, and some limited testing shows
that no version of OpenSSH is vulnerable.
Pragma Systems, Inc.
December 16, 2002
Rapid 7 and CERT Coordination Center Vulnerability report VU#389665
Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a
possible vulnerability with Version 2.0 of Pragma SecureShell.
Pragma Systems tested Pragma SecureShell 2.0 and the upcoming new
Version 3.0, and found that the attacks did cause a memory access
protection fault on Microsoft platforms.
After research, Pragma Systems corrected the problem.
The problem is corrected in Pragma SecureShell Version 3.0. Any
customers with concerns regarding this vulnerability report should
contact Pragma Systems, Inc at support@pragmasys.com for
information on obtaining an upgrade free of charge. Pragma's web
site is located at www.pragmasys.com and the company can be reached
at 1-512-219-7270.
PuTTY
PuTTY 0.53b addresses vulnerabilities discovered by SSHredder.
Appendix B. References
* CERT/CC Vulnerability Note: VU#389665 -
http://www.kb.cert.org/vuls/id/389665
* Rapid 7 Advisory: R7-0009 -
http://www.rapid7.com/advisories/R7-0009.txt
* Rapid 7 SSHredder test suite -
http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666
* IETF Draft: SSH Transport Layer Protocol -
http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt
* IETF Draft: SSH Protocol Architecture -
http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt
* Privilege Separated OpenSSH -
http://www.citi.umich.edu/u/provos/ssh/privsep.html
_________________________________________________________________
The CERT Coordination Center thanks Rapid7 for researching and reporting these vulnerabilities. ___________
Author: Art Manion.
This document is available from: http://www.cert.org/advisories/CA-2002-36.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright 2002 Carnegie Mellon University.
Revision History
December 16, 2002: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/ PlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd yIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3 xazIo8XEipc= =Nj+0 -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0625",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "eq",
"trust": 2.7,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "winscp",
"scope": "eq",
"trust": 1.6,
"vendor": "winscp",
"version": "2.0.0"
},
{
"model": "shellguard ssh",
"scope": "eq",
"trust": 1.6,
"vendor": "netcomposite",
"version": "3.4.6"
},
{
"model": "securenetterm",
"scope": "eq",
"trust": 1.6,
"vendor": "intersoft",
"version": "5.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2s"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.0st"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.1e"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.1t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.1ea"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.0s"
},
{
"model": "putty",
"scope": "eq",
"trust": 1.0,
"vendor": "putty",
"version": "0.53"
},
{
"model": "ssh client",
"scope": "eq",
"trust": 1.0,
"vendor": "fissh",
"version": "1.0a_for_windows"
},
{
"model": "secureshell",
"scope": "eq",
"trust": 1.0,
"vendor": "pragma",
"version": "2.0"
},
{
"model": "putty",
"scope": "eq",
"trust": 1.0,
"vendor": "putty",
"version": "0.49"
},
{
"model": "putty",
"scope": "eq",
"trust": 1.0,
"vendor": "putty",
"version": "0.48"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f secure",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intersoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pragma",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "putty",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "riverstone",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ssh security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "winscp",
"version": null
},
{
"model": "f-secure ssh",
"scope": "lte",
"trust": 0.8,
"vendor": "f secure",
"version": "3.1.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "tatham putty",
"scope": "eq",
"trust": 0.6,
"vendor": "simon",
"version": "0.53"
},
{
"model": "tatham putty",
"scope": "eq",
"trust": 0.6,
"vendor": "simon",
"version": "0.49"
},
{
"model": "tatham putty",
"scope": "eq",
"trust": 0.6,
"vendor": "simon",
"version": "0.48"
},
{
"model": "systems secureshell",
"scope": "eq",
"trust": 0.6,
"vendor": "pragma",
"version": "2.0"
},
{
"model": "ssh client for windows a",
"scope": "eq",
"trust": 0.6,
"vendor": "fissh",
"version": "1.0"
},
{
"model": "tatham putty b",
"scope": "ne",
"trust": 0.6,
"vendor": "simon",
"version": "0.53"
},
{
"model": "systems secureshell",
"scope": "ne",
"trust": 0.6,
"vendor": "pragma",
"version": "3.0"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.5"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.4"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.4"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.3"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.3"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.2.3"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.2.2"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.2"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.1"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.1"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.2"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.2"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.1"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.1"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0"
},
{
"model": "lsh",
"scope": "ne",
"trust": 0.6,
"vendor": "lsh",
"version": "1.5"
},
{
"model": "securenetterm",
"scope": "ne",
"trust": 0.6,
"vendor": "intersoft",
"version": "5.4.2"
},
{
"model": "winsshd",
"scope": "ne",
"trust": 0.6,
"vendor": "bitvise",
"version": "3.5"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.3(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.1(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.1(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.1"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.0"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.6(1)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.6(0)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(3)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(2)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(1)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(0)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(2)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(1)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(0)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.4"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3(5)"
},
{
"model": "ons 15454e optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.14"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.6(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.6(0)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.5"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(3)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(2)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(0)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0(2)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.4"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.3"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.2.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.1.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154542.3(5)"
},
{
"model": "ons ios-based blades",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15454"
},
{
"model": "ons metro edge optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15327"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.14"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.6(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.6(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(3)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(2)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.0(2)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.0(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.0"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.4"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.3"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.2"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.1"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.0"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ea",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "securecrt",
"scope": "ne",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.3"
},
{
"model": "vshell",
"scope": "ne",
"trust": 0.3,
"vendor": "van dyke",
"version": "1.2"
},
{
"model": "ttssh",
"scope": "ne",
"trust": 0.3,
"vendor": "ttssh",
"version": "1.5.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "BID",
"id": "6408"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000323"
},
{
"db": "NVD",
"id": "CVE-2002-1358"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-047"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1358"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rapid 7 Security Advisories\u203b advisory@rapid7.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-047"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1358",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2002-1358",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-5743",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1358",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#389665",
"trust": 0.8,
"value": "11.04"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-047",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-5743",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5743"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000323"
},
{
"db": "NVD",
"id": "CVE-2002-1358"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-047"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ TCP/IP Used by higher layers SSH The transport layer protocol is SSH This is the protocol that forms the basis of the entire protocol. Key exchange, encryption technology to be used, message authentication algorithm, etc. have been agreed, and functions such as encrypted data transfer and server authentication are provided. Provided by many vendors SSH There is a deficiency in the implementation method in products that implement the protocol. Remote attackers are responsible for various malicious packets that are handled during the initial setup, key exchange, and connection phase related to this protocol. ( Packet length padding Packets with unusual lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc. However, the impact of this issue is provided by each vendor SSH It depends on the product. Details are currently unknown, SSH Communications Security Provided by SSH Secure Shell in the case of, SSH It can lead to server child processes or client crashes. Also F-Secure of F-Secure SSH In the case of, SSH If you use both products as a result, it may cause the server child process to crash, SSH The connection between the server and client may be lost. However, the client can connect by trying to reconnect. 
At this time, SSH Secure Shell and F-Secure SSH of Windows The effect of the edition is unknown. OpenSSH Is not affected by this issue. Cisco IOS In the case of SSH Because the server is disabled, the default setting is not affected by this issue.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. A vulnerability has been reported for multiple SSH2 vendors. The vulnerability is a result of SSH2 packets containing empty elements/multiple separators. \nThe vulnerability has been reported to affect initialization, key exchange, and negotiation phases of SSH communications. \nFurther details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\n\nCERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations\n\n Original issue date: December 16, 2002\n Last revised: --\n Source: CERT/CC\n\n A complete revision history is at the end of this file. \n\n\nI. \n It provides strong encryption, cryptographic host authentication,\n and integrity protection.... These vulnerabilities include buffer\n overflows, and they occur before any user authentication takes place. \n SSHredder was primarily designed to test key exchange and other\n processes that are specific to version 2 of the SSH protocol; however,\n certain classes of tests are also applicable to version 1. \n\n Rapid7 has published a detailed advisory (R7-0009) and the SSHredder\n test suite. \n\n Common Vulnerabilities and Exposures (CVE) has assigned the following\n candidate numbers for several classes of tests performed by SSHredder:\n\n * CAN-2002-1357 - incorrect field lengths\n * CAN-2002-1358 - lists with empty elements or multiple separators\n * CAN-2002-1359 - \"classic\" buffer overflows\n * CAN-2002-1360 - null characters in strings\n\n\nII. 
On\n Microsoft Windows systems, SSH servers commonly run with SYSTEM\n privileges, and on UNIX systems, SSH daemons typically run with root\n privileges. \n\n\nIII. Solution\n\nApply a patch or upgrade\n\n Apply the appropriate patch or upgrade as specified by your vendor. \n See Appendix A below and the Systems Affected section of VU#389665 for\n specific information. \n\nRestrict access\n\n Limit access to SSH servers to trusted hosts and networks using\n firewalls or other packet-filtering systems. Some SSH servers may have\n the ability to restrict access based on IP addresses, or similar\n effects may be achieved by using TCP wrappers or other related\n technology. \n\n SSH clients can reduce the risk of attacks by only connecting to\n trusted servers by IP address. \n\n While these workarounds will not prevent exploitation of these\n vulnerabilities, they will make attacks somewhat more difficult, in\n part by limiting the number of potential sources of attacks. \n\n\nAppendix A. Vendor Information\n\n This appendix contains information provided by vendors. When vendors\n report new information, this section is updated and the changes are\n noted in the revision history. If a vendor is not listed below, we\n have not received their comments. The Systems Affected section of\n VU#389665 contains additional vendor status information. \n\nCisco Systems, Inc. \n\n The official statement regarding this is that we are not\n vulnerable. \n\nCray Inc. \n\n Cray Inc. supports the OpenSSH product through their Cray Open\n Software (COS) package. COS 3.3, available the end of December\n 2002, is not vulnerable. If a site is concerned, they can contact\n their local Cray representive to obtain an early copy of the\n OpenSSH contained in COS 3.3. \n\nF-Secure\n\n F-Secure SSH products are not exploitable via these attacks. 
While\n F-Secure SSH versions 3.1.0 build 11 and earlier crash on these\n malicious packets, we did not find ways to exploit this to gain\n unauthorized access or to run arbitrary code. Furthermore, the\n crash occurs in a forked process so the denial of service attacks\n are not possible. \n\nFujitsu\n\n Fujitsu\u0027s UXP/V OS is not vulnerable because it does not support\n SSH. \n\nIBM\n\n IBM\u0027s AIX is not vulnerabible to the issues discussed in CERT\n Vulnerability Note VU#389665. \n\nlsh\n\n I\u0027ve now tried the testsuite with the latest stable release of lsh,\n lsh-1.4.2. Both the client and the server seem NOT VULNERABLE. \n\nNetScreen Technologies Inc. \n\n Tested latest versions. Not Vulnerable. \n\nOpenSSH\n\n From my testing it seems that the current version of OpenSSH (3.5)\n is not vulnerable to these problems, and some limited testing shows\n that no version of OpenSSH is vulnerable. \n\nPragma Systems, Inc. \n\n December 16, 2002\n\n Rapid 7 and CERT Coordination Center Vulnerability report VU#389665\n\n Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a\n possible vulnerability with Version 2.0 of Pragma SecureShell. \n Pragma Systems tested Pragma SecureShell 2.0 and the upcoming new\n Version 3.0, and found that the attacks did cause a memory access\n protection fault on Microsoft platforms. \n\n After research, Pragma Systems corrected the problem. \n\n The problem is corrected in Pragma SecureShell Version 3.0. Any\n customers with concerns regarding this vulnerability report should\n contact Pragma Systems, Inc at support@pragmasys.com for\n information on obtaining an upgrade free of charge. Pragma\u0027s web\n site is located at www.pragmasys.com and the company can be reached\n at 1-512-219-7270. \n\nPuTTY\n\n PuTTY 0.53b addresses vulnerabilities discovered by SSHredder. \n\n\nAppendix B. 
References\n\n * CERT/CC Vulnerability Note: VU#389665 -\n http://www.kb.cert.org/vuls/id/389665\n * Rapid 7 Advisory: R7-0009 -\n http://www.rapid7.com/advisories/R7-0009.txt\n * Rapid 7 SSHredder test suite -\n http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666\n * IETF Draft: SSH Transport Layer Protocol -\n http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. \n txt\n * IETF Draft: SSH Protocol Architecture -\n http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-\n 13.txt\n * Privilege Separated OpenSSH -\n http://www.citi.umich.edu/u/provos/ssh/privsep.html\n\n _________________________________________________________________\n\n The CERT Coordination Center thanks Rapid7 for researching and\n reporting these vulnerabilities. \n _________________________________________________________________\n\n Author: Art Manion. \n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2002-36.html\n ______________________________________________________________________\n\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. 
\n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2002 Carnegie Mellon University. \n\n Revision History\n\n December 16, 2002: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/\nPlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd\nyIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3\nxazIo8XEipc=\n=Nj+0\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1358"
},
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000323"
},
{
"db": "BID",
"id": "6408"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "VULHUB",
"id": "VHN-5743"
},
{
"db": "PACKETSTORM",
"id": "30625"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-1358",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#389665",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1005813",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1005812",
"trust": 1.7
},
{
"db": "BID",
"id": "6408",
"trust": 1.2
},
{
"db": "BID",
"id": "6397",
"trust": 1.1
},
{
"db": "BID",
"id": "6407",
"trust": 0.8
},
{
"db": "BID",
"id": "6410",
"trust": 0.8
},
{
"db": "BID",
"id": "6405",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000323",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200212-047",
"trust": 0.7
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:5721",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2002-36",
"trust": 0.6
},
{
"db": "VULNWATCH",
"id": "20021216 R7-0009: VULNERABILITIES IN SSH2 IMPLEMENTATIONS FROM MULTIPLE VENDORS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5743",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "30625",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5743"
},
{
"db": "BID",
"id": "6408"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000323"
},
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "NVD",
"id": "CVE-2002-1358"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-047"
}
]
},
"id": "VAR-200212-0625",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5743"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:13:58.008000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ssh-packet-suite-vuln",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml"
},
{
"title": "2003120403",
"trust": 0.8,
"url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120403.shtml"
},
{
"title": "303",
"trust": 0.8,
"url": "http://www.ssh.com/company/newsroom/article/303/"
},
{
"title": "ssh-packet-suite-vuln",
"trust": 0.8,
"url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/ssh-packet-suite-vuln-j.shtml"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000323"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5743"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000323"
},
{
"db": "NVD",
"id": "CVE-2002-1358"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.cert.org/advisories/ca-2002-36.html"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1005812"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1005813"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5721"
},
{
"trust": 0.9,
"url": "http://www.rapid7.com/advisories/r7-0009.txt"
},
{
"trust": 0.9,
"url": "http://www.rapid7.com/perl/downloadrequest.pl?packagechoice=666"
},
{
"trust": 0.9,
"url": "http://www.citi.umich.edu/u/provos/ssh/privsep.html"
},
{
"trust": 0.9,
"url": "http://www.kb.cert.org/vuls/id/389665"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/n-028.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1358"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr025001.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2002-36"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1358"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6407"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6405"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6408"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6397"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6410"
},
{
"trust": 0.6,
"url": "http://www.f-secure.com/"
},
{
"trust": 0.6,
"url": "http://www.ssh.com"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5721"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml"
},
{
"trust": 0.3,
"url": "/archive/1/305241"
},
{
"trust": 0.1,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15."
},
{
"trust": 0.1,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "https://www.pragmasys.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5743"
},
{
"db": "BID",
"id": "6408"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000323"
},
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "NVD",
"id": "CVE-2002-1358"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-047"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5743"
},
{
"db": "BID",
"id": "6408"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000323"
},
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "NVD",
"id": "CVE-2002-1358"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-047"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-16T00:00:00",
"db": "CERT/CC",
"id": "VU#389665"
},
{
"date": "2002-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-5743"
},
{
"date": "2002-12-16T00:00:00",
"db": "BID",
"id": "6408"
},
{
"date": "2002-12-16T00:00:00",
"db": "BID",
"id": "6397"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000323"
},
{
"date": "2002-12-21T10:23:09",
"db": "PACKETSTORM",
"id": "30625"
},
{
"date": "2002-12-23T05:00:00",
"db": "NVD",
"id": "CVE-2002-1358"
},
{
"date": "2002-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-047"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-06-18T00:00:00",
"db": "CERT/CC",
"id": "VU#389665"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-5743"
},
{
"date": "2009-07-11T19:16:00",
"db": "BID",
"id": "6408"
},
{
"date": "2002-12-16T00:00:00",
"db": "BID",
"id": "6397"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000323"
},
{
"date": "2017-10-11T01:29:03.683000",
"db": "NVD",
"id": "CVE-2002-1358"
},
{
"date": "2009-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-047"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-047"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vendors\u0027 SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization",
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-047"
}
],
"trust": 0.6
}
}
VAR-200212-0624
Vulnerability from variot - Updated: 2023-12-18 12:13
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it also includes information on vulnerabilities other than the one named in the title. ------------ The SSH transport layer protocol, which is used by the higher layers and runs over TCP/IP, is the protocol that forms the basis of the entire SSH protocol. It negotiates the key exchange, the encryption technology to be used, the message authentication algorithm, etc., and provides functions such as encrypted data transfer and server authentication. Products from many vendors that implement the SSH protocol have deficiencies in their implementation. By sending various malicious packets that are handled during the initial setup, key exchange, and connection phases of this protocol (packets with unusual packet or padding lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc.), a remote attacker may be able to put the SSH server or client out of service and to execute arbitrary code with the execution authority of the SSH server or client. However, the impact of this issue depends on the SSH product provided by each vendor. Details are currently unknown; in the case of SSH Secure Shell provided by SSH Communications Security, it can lead to crashes of the SSH server child process or of the client.
In the case of F-Secure SSH from F-Secure as well, the SSH server child process may crash, and as a result the connection between the SSH server and client may be lost. However, the client can connect again by retrying the connection. At this time, the effect on the Windows editions of SSH Secure Shell and F-Secure SSH is unknown. OpenSSH is not affected by this issue. In the case of Cisco IOS, the SSH server is disabled by default, so the default setting is not affected by this issue. Please refer to the “Overview” for the impact of this vulnerability. A vulnerability with incorrect lengths of fields in SSH packets has been reported for multiple products that use SSH2 for secure communications. The vulnerability has been reported to affect initialization, key exchange, and negotiation phases of SSH communications. An attacker may exploit the vulnerability to perform denial-of-service attacks against vulnerable systems and possibly to execute malicious, attacker-supplied code. Further details about the vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in Bugtraq ID 6397.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations
Original issue date: December 16, 2002 Last revised: -- Source: CERT/CC
A complete revision history is at the end of this file.
I. It provides strong encryption, cryptographic host authentication, and integrity protection.... These vulnerabilities include buffer overflows, and they occur before any user authentication takes place. SSHredder was primarily designed to test key exchange and other processes that are specific to version 2 of the SSH protocol; however, certain classes of tests are also applicable to version 1.
Rapid7 has published a detailed advisory (R7-0009) and the SSHredder test suite.
Common Vulnerabilities and Exposures (CVE) has assigned the following candidate numbers for several classes of tests performed by SSHredder:
* CAN-2002-1357 - incorrect field lengths
* CAN-2002-1358 - lists with empty elements or multiple separators
* CAN-2002-1359 - "classic" buffer overflows
* CAN-2002-1360 - null characters in strings
II. On Microsoft Windows systems, SSH servers commonly run with SYSTEM privileges, and on UNIX systems, SSH daemons typically run with root privileges.
III. Solution
Apply a patch or upgrade
Apply the appropriate patch or upgrade as specified by your vendor. See Appendix A below and the Systems Affected section of VU#389665 for specific information.
Restrict access
Limit access to SSH servers to trusted hosts and networks using firewalls or other packet-filtering systems. Some SSH servers may have the ability to restrict access based on IP addresses, or similar effects may be achieved by using TCP wrappers or other related technology.
SSH clients can reduce the risk of attacks by only connecting to trusted servers by IP address.
While these workarounds will not prevent exploitation of these vulnerabilities, they will make attacks somewhat more difficult, in part by limiting the number of potential sources of attacks.
Appendix A. Vendor Information
This appendix contains information provided by vendors. When vendors report new information, this section is updated and the changes are noted in the revision history. If a vendor is not listed below, we have not received their comments. The Systems Affected section of VU#389665 contains additional vendor status information.
Cisco Systems, Inc.
The official statement regarding this is that we are not
vulnerable.
Cray Inc.
Cray Inc. supports the OpenSSH product through their Cray Open
Software (COS) package. COS 3.3, available the end of December
2002, is not vulnerable. If a site is concerned, they can contact
their local Cray representative to obtain an early copy of the
OpenSSH contained in COS 3.3.
F-Secure
F-Secure SSH products are not exploitable via these attacks. While
F-Secure SSH versions 3.1.0 build 11 and earlier crash on these
malicious packets, we did not find ways to exploit this to gain
unauthorized access or to run arbitrary code. Furthermore, the
crash occurs in a forked process so the denial of service attacks
are not possible.
Fujitsu
Fujitsu's UXP/V OS is not vulnerable because it does not support
SSH.
IBM
IBM's AIX is not vulnerable to the issues discussed in CERT
Vulnerability Note VU#389665.
lsh
I've now tried the testsuite with the latest stable release of lsh,
lsh-1.4.2. Both the client and the server seem NOT VULNERABLE.
NetScreen Technologies Inc.
Tested latest versions. Not Vulnerable.
OpenSSH
From my testing it seems that the current version of OpenSSH (3.5)
is not vulnerable to these problems, and some limited testing shows
that no version of OpenSSH is vulnerable.
Pragma Systems, Inc.
December 16, 2002
Rapid 7 and CERT Coordination Center Vulnerability report VU#389665
Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a
possible vulnerability with Version 2.0 of Pragma SecureShell.
Pragma Systems tested Pragma SecureShell 2.0 and the upcoming new
Version 3.0, and found that the attacks did cause a memory access
protection fault on Microsoft platforms.
After research, Pragma Systems corrected the problem.
The problem is corrected in Pragma SecureShell Version 3.0. Any
customers with concerns regarding this vulnerability report should
contact Pragma Systems, Inc at support@pragmasys.com for
information on obtaining an upgrade free of charge. Pragma's web
site is located at www.pragmasys.com and the company can be reached
at 1-512-219-7270.
PuTTY
PuTTY 0.53b addresses vulnerabilities discovered by SSHredder.
Appendix B. References
* CERT/CC Vulnerability Note: VU#389665 -
http://www.kb.cert.org/vuls/id/389665
* Rapid 7 Advisory: R7-0009 -
http://www.rapid7.com/advisories/R7-0009.txt
* Rapid 7 SSHredder test suite -
http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666
* IETF Draft: SSH Transport Layer Protocol -
http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt
* IETF Draft: SSH Protocol Architecture -
http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt
* Privilege Separated OpenSSH -
http://www.citi.umich.edu/u/provos/ssh/privsep.html
_________________________________________________________________
The CERT Coordination Center thanks Rapid7 for researching and reporting these vulnerabilities. ___________
Author: Art Manion.
This document is available from: http://www.cert.org/advisories/CA-2002-36.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright 2002 Carnegie Mellon University.
Revision History
December 16, 2002: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/ PlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd yIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3 xazIo8XEipc= =Nj+0 -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0624",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "eq",
"trust": 2.7,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "winscp",
"scope": "eq",
"trust": 1.6,
"vendor": "winscp",
"version": "2.0.0"
},
{
"model": "shellguard ssh",
"scope": "eq",
"trust": 1.6,
"vendor": "netcomposite",
"version": "3.4.6"
},
{
"model": "securenetterm",
"scope": "eq",
"trust": 1.6,
"vendor": "intersoft",
"version": "5.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2s"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.0st"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.1e"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.1t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.1ea"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.0s"
},
{
"model": "putty",
"scope": "eq",
"trust": 1.0,
"vendor": "putty",
"version": "0.53"
},
{
"model": "ssh client",
"scope": "eq",
"trust": 1.0,
"vendor": "fissh",
"version": "1.0a_for_windows"
},
{
"model": "secureshell",
"scope": "eq",
"trust": 1.0,
"vendor": "pragma",
"version": "2.0"
},
{
"model": "putty",
"scope": "eq",
"trust": 1.0,
"vendor": "putty",
"version": "0.49"
},
{
"model": "putty",
"scope": "eq",
"trust": 1.0,
"vendor": "putty",
"version": "0.48"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f secure",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intersoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pragma",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "putty",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "riverstone",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ssh security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "winscp",
"version": null
},
{
"model": "f-secure ssh",
"scope": "lte",
"trust": 0.8,
"vendor": "f secure",
"version": "3.1.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "tatham putty",
"scope": "eq",
"trust": 0.6,
"vendor": "simon",
"version": "0.53"
},
{
"model": "tatham putty",
"scope": "eq",
"trust": 0.6,
"vendor": "simon",
"version": "0.49"
},
{
"model": "tatham putty",
"scope": "eq",
"trust": 0.6,
"vendor": "simon",
"version": "0.48"
},
{
"model": "systems secureshell",
"scope": "eq",
"trust": 0.6,
"vendor": "pragma",
"version": "2.0"
},
{
"model": "ssh client for windows a",
"scope": "eq",
"trust": 0.6,
"vendor": "fissh",
"version": "1.0"
},
{
"model": "tatham putty b",
"scope": "ne",
"trust": 0.6,
"vendor": "simon",
"version": "0.53"
},
{
"model": "systems secureshell",
"scope": "ne",
"trust": 0.6,
"vendor": "pragma",
"version": "3.0"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.5"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.4"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.4"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.3"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.3"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.2.3"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.2.2"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.2"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.1"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.1"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.2"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.2"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.1"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0.1"
},
{
"model": "p1",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.6,
"vendor": "openssh",
"version": "3.0"
},
{
"model": "lsh",
"scope": "ne",
"trust": 0.6,
"vendor": "lsh",
"version": "1.5"
},
{
"model": "securenetterm",
"scope": "ne",
"trust": 0.6,
"vendor": "intersoft",
"version": "5.4.2"
},
{
"model": "winsshd",
"scope": "ne",
"trust": 0.6,
"vendor": "bitvise",
"version": "3.5"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.3(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.1(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.1(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.1"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "156001.0"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.6(1)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.6(0)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(3)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(2)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(1)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(0)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(2)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(1)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(0)"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.4"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ons 15454sdh",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3(5)"
},
{
"model": "ons 15454e optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.14"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.6(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.6(0)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.5"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(3)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(2)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1(0)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.1"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0(2)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0(1)"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.4"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.3"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.2.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.1.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154542.3(5)"
},
{
"model": "ons ios-based blades",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15454"
},
{
"model": "ons metro edge optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15327"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.14"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.6(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.6(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(3)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(2)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.1(0)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.0(2)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.0(1)"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153274.0"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.4"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.3"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.2"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.1"
},
{
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "153273.0"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ea",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "securecrt",
"scope": "ne",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.3"
},
{
"model": "vshell",
"scope": "ne",
"trust": 0.3,
"vendor": "van dyke",
"version": "1.2"
},
{
"model": "ttssh",
"scope": "ne",
"trust": 0.3,
"vendor": "ttssh",
"version": "1.5.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "BID",
"id": "6405"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000322"
},
{
"db": "NVD",
"id": "CVE-2002-1357"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-040"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1357"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rapid 7 Security Advisories\u203b advisory@rapid7.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-040"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1357",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2002-1357",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-5742",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-1357",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1357",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#389665",
"trust": 0.8,
"value": "11.04"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-040",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-5742",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2002-1357",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5742"
},
{
"db": "VULMON",
"id": "CVE-2002-1357"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000322"
},
{
"db": "NVD",
"id": "CVE-2002-1357"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-040"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ TCP/IP Used by higher layers SSH The transport layer protocol is SSH This is the protocol that forms the basis of the entire protocol. Key exchange, encryption technology to be used, message authentication algorithm, etc. have been agreed, and functions such as encrypted data transfer and server authentication are provided. Provided by many vendors SSH There is a deficiency in the implementation method in products that implement the protocol. Remote attackers are responsible for various malicious packets that are handled during the initial setup, key exchange, and connection phase related to this protocol. ( Packet length padding Packets with unusual lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc. ) By sending SSH Cause a server or client to go out of service, and SSH It is possible to execute arbitrary code with the execution authority of the server or client. However, the impact of this issue is provided by each vendor SSH It depends on the product. Details are currently unknown, SSH Communications Security Provided by SSH Secure Shell in the case of, SSH It can lead to server child processes or client crashes. 
Also F-Secure of F-Secure SSH In the case of, SSH If you use both products as a result, it may cause the server child process to crash, SSH The connection between the server and client may be lost. However, the client can connect by trying to reconnect. At this time, SSH Secure Shell and F-Secure SSH of Windows The effect of the edition is unknown. OpenSSH Is not affected by this issue. Cisco IOS In the case of SSH Because the server is disabled, the default setting is not affected by this issue.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. A vulnerability with incorrect lengths of fields in SSH packets has been reported for multiple products that use SSH2 for secure communications. \nThe vulnerability has been reported to affect initialization, key exchange, and negotiation phases of SSH communications. An attacker may exploit the vulnerability to perform denial-of-service attacks against vulnerable systems and possibly to execute malicious, attacker-supplied code. \nFurther details about the vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in Bugtraq ID 6397. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\n\nCERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations\n\n Original issue date: December 16, 2002\n Last revised: --\n Source: CERT/CC\n\n A complete revision history is at the end of this file. \n\n\nI. \n It provides strong encryption, cryptographic host authentication,\n and integrity protection.... These vulnerabilities include buffer\n overflows, and they occur before any user authentication takes place. \n SSHredder was primarily designed to test key exchange and other\n processes that are specific to version 2 of the SSH protocol; however,\n certain classes of tests are also applicable to version 1. \n\n Rapid7 has published a detailed advisory (R7-0009) and the SSHredder\n test suite. 
\n\n Common Vulnerabilities and Exposures (CVE) has assigned the following\n candidate numbers for several classes of tests performed by SSHredder:\n\n * CAN-2002-1357 - incorrect field lengths\n * CAN-2002-1358 - lists with empty elements or multiple separators\n * CAN-2002-1359 - \"classic\" buffer overflows\n * CAN-2002-1360 - null characters in strings\n\n\nII. On\n Microsoft Windows systems, SSH servers commonly run with SYSTEM\n privileges, and on UNIX systems, SSH daemons typically run with root\n privileges. \n\n\nIII. Solution\n\nApply a patch or upgrade\n\n Apply the appropriate patch or upgrade as specified by your vendor. \n See Appendix A below and the Systems Affected section of VU#389665 for\n specific information. \n\nRestrict access\n\n Limit access to SSH servers to trusted hosts and networks using\n firewalls or other packet-filtering systems. Some SSH servers may have\n the ability to restrict access based on IP addresses, or similar\n effects may be achieved by using TCP wrappers or other related\n technology. \n\n SSH clients can reduce the risk of attacks by only connecting to\n trusted servers by IP address. \n\n While these workarounds will not prevent exploitation of these\n vulnerabilities, they will make attacks somewhat more difficult, in\n part by limiting the number of potential sources of attacks. \n\n\nAppendix A. Vendor Information\n\n This appendix contains information provided by vendors. When vendors\n report new information, this section is updated and the changes are\n noted in the revision history. If a vendor is not listed below, we\n have not received their comments. The Systems Affected section of\n VU#389665 contains additional vendor status information. \n\nCisco Systems, Inc. \n\n The official statement regarding this is that we are not\n vulnerable. \n\nCray Inc. \n\n Cray Inc. supports the OpenSSH product through their Cray Open\n Software (COS) package. 
COS 3.3, available the end of December\n 2002, is not vulnerable. If a site is concerned, they can contact\n their local Cray representive to obtain an early copy of the\n OpenSSH contained in COS 3.3. \n\nF-Secure\n\n F-Secure SSH products are not exploitable via these attacks. While\n F-Secure SSH versions 3.1.0 build 11 and earlier crash on these\n malicious packets, we did not find ways to exploit this to gain\n unauthorized access or to run arbitrary code. Furthermore, the\n crash occurs in a forked process so the denial of service attacks\n are not possible. \n\nFujitsu\n\n Fujitsu\u0027s UXP/V OS is not vulnerable because it does not support\n SSH. \n\nIBM\n\n IBM\u0027s AIX is not vulnerabible to the issues discussed in CERT\n Vulnerability Note VU#389665. \n\nlsh\n\n I\u0027ve now tried the testsuite with the latest stable release of lsh,\n lsh-1.4.2. Both the client and the server seem NOT VULNERABLE. \n\nNetScreen Technologies Inc. \n\n Tested latest versions. Not Vulnerable. \n\nOpenSSH\n\n From my testing it seems that the current version of OpenSSH (3.5)\n is not vulnerable to these problems, and some limited testing shows\n that no version of OpenSSH is vulnerable. \n\nPragma Systems, Inc. \n\n December 16, 2002\n\n Rapid 7 and CERT Coordination Center Vulnerability report VU#389665\n\n Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a\n possible vulnerability with Version 2.0 of Pragma SecureShell. \n Pragma Systems tested Pragma SecureShell 2.0 and the upcoming new\n Version 3.0, and found that the attacks did cause a memory access\n protection fault on Microsoft platforms. \n\n After research, Pragma Systems corrected the problem. \n\n The problem is corrected in Pragma SecureShell Version 3.0. Any\n customers with concerns regarding this vulnerability report should\n contact Pragma Systems, Inc at support@pragmasys.com for\n information on obtaining an upgrade free of charge. 
Pragma\u0027s web\n site is located at www.pragmasys.com and the company can be reached\n at 1-512-219-7270. \n\nPuTTY\n\n PuTTY 0.53b addresses vulnerabilities discovered by SSHredder. \n\n\nAppendix B. References\n\n * CERT/CC Vulnerability Note: VU#389665 -\n http://www.kb.cert.org/vuls/id/389665\n * Rapid 7 Advisory: R7-0009 -\n http://www.rapid7.com/advisories/R7-0009.txt\n * Rapid 7 SSHredder test suite -\n http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666\n * IETF Draft: SSH Transport Layer Protocol -\n http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. \n txt\n * IETF Draft: SSH Protocol Architecture -\n http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-\n 13.txt\n * Privilege Separated OpenSSH -\n http://www.citi.umich.edu/u/provos/ssh/privsep.html\n\n _________________________________________________________________\n\n The CERT Coordination Center thanks Rapid7 for researching and\n reporting these vulnerabilities. \n _________________________________________________________________\n\n Author: Art Manion. \n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2002-36.html\n ______________________________________________________________________\n\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. 
\n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2002 Carnegie Mellon University. \n\n Revision History\n\n December 16, 2002: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/\nPlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd\nyIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3\nxazIo8XEipc=\n=Nj+0\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1357"
},
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000322"
},
{
"db": "BID",
"id": "6405"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "VULHUB",
"id": "VHN-5742"
},
{
"db": "VULMON",
"id": "CVE-2002-1357"
},
{
"db": "PACKETSTORM",
"id": "30625"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#389665",
"trust": 3.5
},
{
"db": "BID",
"id": "6405",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2002-1357",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1005813",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1005812",
"trust": 1.7
},
{
"db": "BID",
"id": "6397",
"trust": 1.1
},
{
"db": "BID",
"id": "6410",
"trust": 0.8
},
{
"db": "BID",
"id": "6407",
"trust": 0.8
},
{
"db": "BID",
"id": "6408",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000322",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200212-040",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "CA-2002-36",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:5849",
"trust": 0.6
},
{
"db": "VULNWATCH",
"id": "20021216 R7-0009: VULNERABILITIES IN SSH2 IMPLEMENTATIONS FROM MULTIPLE VENDORS",
"trust": 0.6
},
{
"db": "XF",
"id": "10868",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5742",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2002-1357",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "30625",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5742"
},
{
"db": "VULMON",
"id": "CVE-2002-1357"
},
{
"db": "BID",
"id": "6405"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000322"
},
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "NVD",
"id": "CVE-2002-1357"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-040"
}
]
},
"id": "VAR-200212-0624",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5742"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:13:57.960000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ssh-packet-suite-vuln",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml"
},
{
"title": "2003120403",
"trust": 0.8,
"url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120403.shtml"
},
{
"title": "303",
"trust": 0.8,
"url": "http://www.ssh.com/company/newsroom/article/303/"
},
{
"title": "ssh-packet-suite-vuln",
"trust": 0.8,
"url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/ssh-packet-suite-vuln-j.shtml"
},
{
"title": "Cisco: SSH Malformed Packet Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20021219-ssh-packet"
},
{
"title": "PuTTy-",
"trust": 0.1,
"url": "https://github.com/pbr94/putty- "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2002-1357"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000322"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5742"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000322"
},
{
"db": "NVD",
"id": "CVE-2002-1357"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.cert.org/advisories/ca-2002-36.html"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/389665"
},
{
"trust": 2.6,
"url": "http://www.securityfocus.com/bid/6405"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1005812"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1005813"
},
{
"trust": 1.8,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
},
{
"trust": 1.2,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5849"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10868"
},
{
"trust": 0.9,
"url": "http://www.rapid7.com/advisories/r7-0009.txt"
},
{
"trust": 0.9,
"url": "http://www.rapid7.com/perl/downloadrequest.pl?packagechoice=666"
},
{
"trust": 0.9,
"url": "http://www.citi.umich.edu/u/provos/ssh/privsep.html"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/n-028.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1357"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr025001.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2002-36"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1357"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6407"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6408"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6397"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6410"
},
{
"trust": 0.6,
"url": "http://www.f-secure.com/"
},
{
"trust": 0.6,
"url": "http://www.ssh.com"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/10868"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5849"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml"
},
{
"trust": 0.3,
"url": "/archive/1/305241"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/cisco-sshredder-dos"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/pbr94/putty-"
},
{
"trust": 0.1,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15."
},
{
"trust": 0.1,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "https://www.pragmasys.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5742"
},
{
"db": "VULMON",
"id": "CVE-2002-1357"
},
{
"db": "BID",
"id": "6405"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000322"
},
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "NVD",
"id": "CVE-2002-1357"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-040"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#389665"
},
{
"db": "VULHUB",
"id": "VHN-5742"
},
{
"db": "VULMON",
"id": "CVE-2002-1357"
},
{
"db": "BID",
"id": "6405"
},
{
"db": "BID",
"id": "6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000322"
},
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "NVD",
"id": "CVE-2002-1357"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-040"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-16T00:00:00",
"db": "CERT/CC",
"id": "VU#389665"
},
{
"date": "2002-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-5742"
},
{
"date": "2002-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2002-1357"
},
{
"date": "2002-12-16T00:00:00",
"db": "BID",
"id": "6405"
},
{
"date": "2002-12-16T00:00:00",
"db": "BID",
"id": "6397"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000322"
},
{
"date": "2002-12-21T10:23:09",
"db": "PACKETSTORM",
"id": "30625"
},
{
"date": "2002-12-23T05:00:00",
"db": "NVD",
"id": "CVE-2002-1357"
},
{
"date": "2002-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-040"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-06-18T00:00:00",
"db": "CERT/CC",
"id": "VU#389665"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-5742"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULMON",
"id": "CVE-2002-1357"
},
{
"date": "2006-05-16T22:04:00",
"db": "BID",
"id": "6405"
},
{
"date": "2002-12-16T00:00:00",
"db": "BID",
"id": "6397"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000322"
},
{
"date": "2017-10-11T01:29:03.620000",
"db": "NVD",
"id": "CVE-2002-1357"
},
{
"date": "2009-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-040"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "30625"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-040"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vendors\u0027 SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization",
"sources": [
{
"db": "CERT/CC",
"id": "VU#389665"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "6405"
},
{
"db": "BID",
"id": "6397"
}
],
"trust": 0.6
}
}
VAR-200312-0086
Vulnerability from variot - Updated: 2023-12-18 12:13
The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of service in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. These issues are related to handling of SIP INVITE messages. Exploitation and the specific nature of each vulnerability may depend on the particular implementation.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
Original release date: February 21, 2003 Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file. Other systems making use of SIP may also be vulnerable but were not specifically tested. Not all SIP implementations are affected. See Vendor Information for details from vendors who have provided feedback for this advisory.
In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from VU#528719. These vulnerabilities may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior. If your site uses SIP-enabled products in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the Solution section below.
I. SIP is a text-based protocol for initiating communication and data sessions between users.
The Oulu University Secure Programming Group (OUSPG) previously conducted research into vulnerabilities in LDAP, culminating in CERT Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03.
OUSPG's most recent research focused on a subset of SIP related to the INVITE message, which SIP agents and proxies are required to accept in order to set up sessions. Note that "throttling" is an expected behavior.
Specifications for the Session Initiation Protocol are available in RFC3261:
http://www.ietf.org/rfc/rfc3261.txt
OUSPG has established the following site with detailed documentation regarding SIP and the implementation test results from the test suite:
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
The IETF Charter page for SIP is available at
http://www.ietf.org/html.charters/sip-charter.html
II. Impact
Exploitation of these vulnerabilities may result in denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain unauthorized access to the affected device. Specific impacts will vary from product to product.
III. Solution
Many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this
advisory. Please consult this appendix and VU#528719 to determine
if your product is vulnerable. If a statement is unavailable, you
may need to contact your vendor directly.
Disable the SIP-enabled devices and services
As a general rule, the CERT/CC recommends disabling any service or
capability that is not explicitly required. Some of the affected
products may rely on SIP to be functional. You should carefully
consider the impact of blocking services that you may be using.
Ingress filtering
As a temporary measure, it may be possible to limit the scope of
these vulnerabilities by blocking access to SIP devices and
services at the network perimeter.
Ingress filtering manages the flow of traffic as it enters a
network under your administrative control. Servers are typically
the only machines that need to accept inbound traffic from the
public Internet. Note that most SIP User Agents (including IP
phones or "client" software) consist of a User Agent Client and a
User Agent Server. In the network usage policy of many sites, there
are few reasons for external hosts to initiate inbound traffic to
machines that provide no public services. Thus, ingress filtering
should be performed at the border to prohibit externally initiated
inbound traffic to non-authorized services.
Please note that this workaround may not protect vulnerable devices
from internal attacks.
Egress filtering
Egress filtering manages the flow of traffic as it leaves a network
under your administrative control. There is typically limited need
for machines providing public services to initiate outbound traffic
to the Internet. In the case of the SIP vulnerabilities, employing
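egress filtering on the ports listed above [the port list is not reproduced in this copy of the advisory; SIP's registered default ports are 5060/udp and 5060/tcp, plus 5061/tcp for SIP over TLS, and deployments may be configured to use others] at your network border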
may prevent your network from being used as a source for attacks on
other sites.
Block SIP requests directed to broadcast addresses at your router.
Since SIP requests can be transmitted via UDP, broadcast attacks
are possible. One solution to prevent your site from being used as
an intermediary in an attack is to block SIP requests directed to
broadcast addresses at your router.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.
America Online Inc
Not vulnerable.
Apple Computer Inc.
There are currently no applications shipped by Apple with Mac OS X
or Mac OS X Server which make use of the Session Initiation
Protocol.
Borderware
No BorderWare products make use of SIP and thus no BorderWare
products are affected by this vulnerability.
We would however like to extend our thanks to the OUSPG for their
work as well as for the responsible manner in which they handle
their discoveries. Their detailed reports and test suites are
certainly well-received.
We would also like to reiterate the fact that SIP has yet to
mature, protocol-wise as well as implementation-wise. We do not
recommend that our customers set up SIP relays in parallel to our
firewall products to pass SIP-based applications in or out of
networks where security is a concern of note.
F5 Networks
F5 Networks does not have a SIP server product, and is therefore
not affected by this vulnerability.
Fujitsu
With regards to VU#528719, Fujitsu's UXP/V o.s. is not vulnerable
because the relevant function is not supported under UXP/V.
IBM
SIP is not implemented as part of the AIX operating system.
IP Filter
IPFilter does not do any SIP specific protocol handling and is
therefore not affected by the issues mentioned in the paper cited.
IPTel
All versions of SIP Express Router up to 0.8.9 are sadly vulnerable
to the OUSPG test suite. We strongly advise upgrading to version
0.8.10. Please also apply the patch to version 0.8.10 from
http://www.iptel.org/ser/security/
before installation and keep on watching this site in the future.
We apologize to our users for the trouble.
Hewlett-Packard Company
Source:
Hewlett-Packard Company
Software Security Response Team
cross reference id: SSRT2402
HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable
To report potential security vulnerabilities in HP software, send
an E-mail message to: mailto:security-alert@hp.com
Lucent
No Lucent products are known to be affected by this vulnerability,
however we are still researching the issue and will update this
statement as needed.
Microsoft Corporation
Microsoft has investigated these issues. The Microsoft SIP client
implementation is not affected.
NEC Corporation
===================================================================
NEC vendor statement for VU#528719
===================================================================
sent on February 13, 2002
Server Products
* EWS/UP 48 Series operating system
* - is NOT vulnerable, because it does not support SIP.
Router Products
* IX 1000 / 2000 / 5000 Series
* - is NOT vulnerable, because it does not support SIP.
Other Network products
* We continue to check our products which support SIP protocol.
===================================================================
NETBSD
NetBSD does not ship any implementation of SIP.
NETfilter.org
As the linux 2.4/2.5 netfilter implementation currently doesn't
support connection tracking or NAT for the SIP protocol suite, we
are not vulnerable to this bug.
NetScreen
NetScreen is not vulnerable to this issue.
Network Appliance
NetApp products are not affected by this vulnerability.
Nokia
Nokia IP Security Platforms based on IPSO, Nokia Small Office
Solution platforms, Nokia VPN products and Nokia Message Protector
platform do not initiate or terminate SIP based sessions. The
mentioned Nokia products are not susceptible to this vulnerability.
Nortel Networks
Nortel Networks is cooperating to the fullest extent with the CERT
Coordination Center. All Nortel Networks products that use Session
Initiation Protocol (SIP) have been tested and all generally
available products, with the following exceptions, have passed the
test suite:
Succession Communication Server 2000 and Succession Communication
Server 2000 - Compact are impacted by the test suite only in
configurations where SIP-T has been provisioned within the
Communication Server; a software patch is expected to be available
by the end of February.
For further information about Nortel Networks products please
contact Nortel Networks Global Network Support.
North America: 1-800-4-NORTEL, or (1-800-466-7835)
Europe, Middle East & Africa: 00800 8008 9009, or +44 (0) 870 907
9009
Contacts for other regions available at the Global Contact
<http://www.nortelnetworks.com/help/contact/global/> web page.
Novell
Novell has no products implementing SIP.
Secure Computing Corporation
Neither Sidewinder nor Gauntlet implements SIP, so we do not need
to be on the vendor list for this vulnerability.
SecureWorx
We hereby attest that SecureWorx Basilisk Gateway Security product
suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the
Session Initiation Protocol (SIP) Vulnerability VU#528719 as
described in the OUSPG announcement (OUSPG#0106) received on Fri, 8
Nov 2002 10:17:11 -0500.
Stonesoft
Stonesoft's StoneGate high availability firewall and VPN product
does not contain any code that handles SIP protocol. No versions of
StoneGate are vulnerable.
Symantec
Symantec Corporation products are not vulnerable to this issue.
Xerox
Xerox is aware of this vulnerability and is currently assessing all
products. This statement will be updated as new information becomes
available.
Appendix B. - References
1. http://www.ee.oulu.fi/research/ouspg/protos/
2. http://www.kb.cert.org/vuls/id/528719
3. http://www.cert.org/tech_tips/denial_of_service.html
4. http://www.ietf.org/html.charters/sip-charter.html
5. RFC3261 - SIP: Session Initiation Protocol
6. RFC2327 - SDP: Session Description Protocol
7. RFC2279 - UTF-8, a transformation format of ISO 10646
8. Session Initiation Protocol Basic Call Flow Examples
9. We would also like to acknowledge the
"RedSkins" project of "MediaTeam Oulu" for their support of this research.
Feedback on this document can be directed to the authors, Jason A. Rafail and Ian A. Finlay.
This document is available from: http://www.cert.org/advisories/CA-2003-06.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright 2003 Carnegie Mellon University.
Revision History Feb 21, 2003: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG IXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ 17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O Eisa8/wivlM= =p961 -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0086",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "appengine",
"scope": "eq",
"trust": 1.0,
"vendor": "dynamicsoft",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cirpack",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "columbia sip user agent sipc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dynamicsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iptel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mediatrix telecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pingtel",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "appengine",
"scope": null,
"trust": 0.6,
"vendor": "dynamicsoft",
"version": null
},
{
"model": "partysip",
"scope": "ne",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.6"
},
{
"model": "ios 12.2 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(7)"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "appengine",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "ne",
"trust": 0.3,
"vendor": "columbia",
"version": "2.0"
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.9"
},
{
"model": "ios 12.2 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7940"
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3-1"
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(9)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "osip",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.5"
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.4"
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3.210)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "ios 12.2 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server compact",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000-"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.0"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1-1"
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ios 12.2xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "eq",
"trust": 0.3,
"vendor": "columbia",
"version": "1.74"
},
{
"model": "osip",
"scope": "ne",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1.200)"
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.5"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1"
},
{
"model": "c++ sip user agent",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "5.0"
},
{
"model": "sip express router",
"scope": "ne",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.10"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7960"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "6.0"
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(3)"
},
{
"model": "ios 12.2xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2-1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.8"
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "NVD",
"id": "CVE-2003-1111"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-142"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dynamicsoft:appengine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1111"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oulu University Secure Programming Group",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-142"
}
],
"trust": 0.6
},
"cve": "CVE-2003-1111",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-1111",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#528719",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CNNVD",
"id": "CNNVD-200312-142",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "NVD",
"id": "CVE-2003-1111"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-142"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of service in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. \nThese issues are related to handling of SIP INVITE messages. \nExploitation and the specific nature of each vulnerability may depend on the particular implementation. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the\nSession Initiation Protocol (SIP)\n\n Original release date: February 21, 2003\n Last revised: --\n Source: CERT/CC\n\n A complete revision history can be found at the end of this file. \n Other systems making use of SIP may also be vulnerable but were not\n specifically tested. Not all SIP implementations are affected. See\n Vendor Information for details from vendors who have provided feedback\n for this advisory. \n\n In addition to the vendors who provided feedback for this advisory, a\n list of vendors whom CERT/CC contacted regarding these problems is\n available from VU#528719. These\n vulnerabilities may allow an attacker to gain unauthorized privileged\n access, cause denial-of-service attacks, or cause unstable system\n behavior. 
If your site uses SIP-enabled products in any capacity, the\n CERT/CC encourages you to read this advisory and follow the advice\n provided in the Solution section below. \n\nI. \n SIP is a text-based protocol for initiating communication and data\n sessions between users. \n\n The Oulu University Secure Programming Group (OUSPG) previously\n conducted research into vulnerabilities in LDAP, culminating in CERT\n Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03. \n\n OUSPG\u0027s most recent research focused on a subset of SIP related to the\n INVITE message, which SIP agents and proxies are required to accept in\n order to set up sessions. Note that \"throttling\" is an expected\n behavior. \n\n Specifications for the Session Initiation Protocol are available in\n RFC3261:\n\n http://www.ietf.org/rfc/rfc3261.txt\n\n OUSPG has established the following site with detailed documentation\n regarding SIP and the implementation test results from the test suite:\n\n http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/\n\n The IETF Charter page for SIP is available at\n\n http://www.ietf.org/html.charters/sip-charter.html\n\nII. Impact\n\n Exploitation of these vulnerabilities may result in denial-of-service\n conditions, service interruptions, and in some cases may allow an\n attacker to gain unauthorized access to the affected device. Specific\n impacts will vary from product to product. \n\nIII. Solution\n\n Many of the mitigation steps recommended below may have significant\n impact on your everyday network operations and/or network\n architecture. Ensure that any changes made based on the following\n recommendations will not unacceptably affect your ongoing network\n operations capability. \n\n Apply a patch from your vendor\n\n Appendix A contains information provided by vendors for this\n advisory. Please consult this appendix and VU#528719 to determine\n if your product is vulnerable. 
If a statement is unavailable, you\n may need to contact your vendor directly. \n\n Disable the SIP-enabled devices and services\n\n As a general rule, the CERT/CC recommends disabling any service or\n capability that is not explicitly required. Some of the affected\n products may rely on SIP to be functional. You should carefully\n consider the impact of blocking services that you may be using. \n\n Ingress filtering\n\n As a temporary measure, it may be possible to limit the scope of\n these vulnerabilities by blocking access to SIP devices and\n services at the network perimeter. \n\n Ingress filtering manages the flow of traffic as it enters a\n network under your administrative control. Servers are typically\n the only machines that need to accept inbound traffic from the\n public Internet. Note that most SIP User Agents (including IP\n phones or \"clien\"t software) consist of a User Agent Client and a\n User Agent Server. In the network usage policy of many sites, there\n are few reasons for external hosts to initiate inbound traffic to\n machines that provide no public services. Thus, ingress filtering\n should be performed at the border to prohibit externally initiated\n inbound traffic to non-authorized services. \n\n Please note that this workaround may not protect vulnerable devices\n from internal attacks. \n\n Egress filtering\n\n Egress filtering manages the flow of traffic as it leaves a network\n under your administrative control. There is typically limited need\n for machines providing public services to initiate outbound traffic\n to the Internet. In the case of the SIP vulnerabilities, employing\n egress filtering on the ports listed above at your network border\n may prevent your network from being used as a source for attacks on\n other sites. \n\n Block SIP requests directed to broadcast addresses at your router. \n\n Since SIP requests can be transmitted via UDP, broadcast attacks\n are possible. 
One solution to prevent your site from being used as\n an intermediary in an attack is to block SIP requests directed to\n broadcast addresses at your router. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. As vendors report new information to the CERT/CC, we will\n update this section and note the changes in our revision history. If a\n particular vendor is not listed below, we have not received their\n comments. \n\n America Online Inc\n\n Not vulnerable. \n\n Apple Computer Inc. \n\n There are currently no applications shipped by Apple with Mac OS X\n or Mac OS X Server which make use of the Session Initiation\n Protocol. \n\n Borderware\n\n No BorderWare products make use of SIP and thus no BorderWare\n products are affected by this vulnerability. \n We would however like to extend our thanks to the OUSPG for their\n work as well as for the responsible manner in which they handle\n their discoveries. Their detailed reports and test suites are\n certainly well-received. \n We would also like to reiterate the fact that SIP has yet to\n mature, protocol-wise as well as implementation-wise. We do not\n recommend that our customers set up SIP relays in parallel to our\n firewall products to pass SIP-based applications in or out of\n networks where security is a concern of note. \n\n F5 Networks\n\n F5 Networks does not have a SIP server product, and is therefore\n not affected by this vulnerability. \n\n Fujitsu\n\n With regards to VU#528719, Fujitsu\u0027s UXP/V o.s. is not vulnerable\n because the relevant function is not supported under UXP/V. \n\n IBM\n\n SIP is not implemented as part of the AIX operating system. \n\n IP Filter\n\n IPFilter does not do any SIP specific protocol handling and is\n therefore not affected by the issues mentioned in the paper cited. \n\n IPTel\n\n All versions of SIP Express Router up to 0.8.9 are sadly vulnerable\n to the OUSPG test suite. 
We strongly advice to upgrade to version\n 0.8.10. Please also apply the patch to version 0.8.10 from\n http://www.iptel.org/ser/security/\n before installation and keep on watching this site in the future. \n We apologize to our users for the trouble. \n\n Hewlett-Packard Company\n\n Source:\n Hewlett-Packard Company\n Software Security Response Team\n cross reference id: SSRT2402\n\n HP-UX - not vulnerable\n HP-MPE/ix - not vulnerable\n HP Tru64 UNIX - not vulnerable\n HP OpenVMS - not vulnerable\n HP NonStop Servers - not vulnerable\n\n To report potential security vulnerabilities in HP software, send\n an E-mail message to: mailto:security-alert@hp.com\n\n Lucent\n\n No Lucent products are known to be affected by this vulnerability,\n however we are still researching the issue and will update this\n statement as needed. \n\n Microsoft Corporation\n\n Microsoft has investigated these issues. The Microsoft SIP client\n implementation is not affected. \n\n NEC Corporation\n\n ===================================================================\n NEC vendor statement for VU#528719\n ===================================================================\n\n sent on February 13, 2002\n Server Products\n * EWS/UP 48 Series operating system\n * - is NOT vulnerable, because it does not support SIP. \n\n Router Products\n * IX 1000 / 2000 / 5000 Series\n * - is NOT vulnerable, because it does not support SIP. \n\n Other Network products\n * We continue to check our products which support SIP protocol. \n\n ===================================================================\n\n NETBSD\n\n NetBSD does not ship any implementation of SIP. \n\n NETfilter.org\n\n As the linux 2.4/2.5 netfilter implementation currently doesn\u0027t\n support connection tracking or NAT for the SIP protocol suite, we\n are not vulnerable to this bug. \n\n NetScreen\n\n NetScreen is not vulnerable to this issue. \n\n Network Appliance\n\n NetApp products are not affected by this vulnerability. 
\n\n Nokia\n\n Nokia IP Security Platforms based on IPSO, Nokis Small Office\n Solution platforms, Nokia VPN products and Nokia Message Protector\n platform do not initiate or terminate SIP based sessions. The\n mentioned Nokia products are not susceptible to this vulnerability\n\n Nortel Networks\n\n Nortel Networks is cooperating to the fullest extent with the CERT\n Coordination Center. All Nortel Networks products that use Session\n Initiation Protocol SIP) have been tested and all generally\n available products, with the following exceptions, have passed the\n test suite:\n\n Succession Communication Server 2000 and Succession Communication\n Server 2000 - Compact are impacted by the test suite only in\n configurations where SIP-T has been provisioned within the\n Communication Server; a software patch is expected to be available\n by the end of February. \n\n For further information about Nortel Networks products please\n contact Nortel Networks Global Network Support. \n\n North America: 1-800-4-NORTEL, or (1-800-466-7835)\n Europe, Middle East \u0026 Africa: 00800 8008 9009, or +44 (0) 870 907\n 9009\n\n Contacts for other regions available at the Global Contact\n \u003chttp://www.nortelnetworks.com/help/contact/global/\u003e web page. \n\n Novell\n\n Novell has no products implementing SIP. \n\n Secure Computing Corporation\n\n Neither Sidewinder nor Gauntlet implements SIP, so we do not need\n to be on the vendor list for this vulnerability. \n\n SecureWorx\n\n We hereby attest that SecureWorx Basilisk Gateway Security product\n suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the\n Session Initiation Protocol (SIP) Vulnerability VU#528719 as\n described in the OUSPG announcement (OUSPG#0106) received on Fri, 8\n Nov 2002 10:17:11 -0500. \n\n Stonesoft\n\n Stonesoft\u0027s StoneGate high availability firewall and VPN product\n does not contain any code that handles SIP protocol. No versions of\n StoneGate are vulnerable. 
\n\n Symantec\n\n Symantec Corporation products are not vulnerable to this issue. \n\n Xerox\n\n Xerox is aware of this vulnerability and is currently assessing all\n products. This statement will be updated as new information becomes\n available. \n\nAppendix B. - References\n\n 1. http://www.ee.oulu.fi/research/ouspg/protos/\n 2. http://www.kb.cert.org/vuls/id/528719\n 3. http://www.cert.org/tech_tips/denial_of_service.html\n 4. http://www.ietf.org/html.charters/sip-charter.html\n 5. RFC3261 - SIP: Session Initiation Protocol\n 6. RFC2327 - SDP: Session Description Protocol\n 7. RFC2279 - UTF-8, a transformation format of ISO 10646\n 8. Session Initiation Protocol Basic Call Flow Examples \n 9. We would also like to acknowledge the\n \"RedSkins\" project of \"MediaTeam Oulu\" for their support of this\n research. \n _________________________________________________________________\n\n Feedback on this document can be directed to the authors, \n Jason A. Rafail and Ian A. Finlay. \n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2003-06.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. 
\n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2003 Carnegie Mellon University. \n\n Revision History\n Feb 21, 2003: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG\nIXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ\n17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O\nEisa8/wivlM=\n=p961\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1111"
},
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719",
"trust": 2.8
},
{
"db": "BID",
"id": "6904",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2003-1111",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "CA-2003-06",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "4442",
"trust": 0.6
},
{
"db": "XF",
"id": "11379",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200312-142",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "30838",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1111"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-142"
}
]
},
"id": "VAR-200312-0086",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.37675563
},
"last_update_date": "2023-12-18T12:13:49.207000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1111"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/"
},
{
"trust": 2.0,
"url": "http://www.cert.org/advisories/ca-2003-06.html"
},
{
"trust": 2.0,
"url": "http://www.kb.cert.org/vuls/id/528719"
},
{
"trust": 1.9,
"url": "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/6904"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/html.charters/sip-charter.html"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/rfc/rfc3261.txt"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/ "
},
{
"trust": 0.8,
"url": "http://www.mediateam.oulu.fi/projects/redskins/?lang=en"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-sipping-torture-tests-07.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc3665.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2327.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2279.txt"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11379"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/4442"
},
{
"trust": 0.3,
"url": "http://www.fsf.org/software/osip/osip.html"
},
{
"trust": 0.3,
"url": "http://www.partysip.org/"
},
{
"trust": 0.3,
"url": "http://www.iptel.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=16123"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/denial_of_service.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.iptel.org/ser/security/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/\u003e"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1111"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-142"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1111"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-142"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-02-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2003-02-21T17:04:53",
"db": "PACKETSTORM",
"id": "30838"
},
{
"date": "2003-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-1111"
},
{
"date": "2003-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-142"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2017-07-11T01:29:45.087000",
"db": "NVD",
"id": "CVE-2003-1111"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-142"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-142"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "6904"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-142"
}
],
"trust": 0.9
}
}
VAR-200312-0089
Vulnerability from variot - Updated: 2023-12-18 12:13
The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of service in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. These issues are related to handling of SIP INVITE messages. Exploitation and the specific nature of each vulnerability may depend on the particular implementation. SIP is part of the IETF standards process, and it builds on foundations such as SMTP (Simple Mail Transfer Protocol) and HTTP (Hypertext Transfer Protocol). It is used to establish, change and terminate calls between users based on IP networks. Cisco IP Telephony Modules 7940 and 7960 have these vulnerabilities, which can cause denial of service, and are documented in Cisco Bug IDs CSCdz26317, CSCdz29003, CSCdz29033, and CSCdz29041. Devices running the Cisco IOS 12.2T train or any 12.2 'X' train will reset due to incorrect handling of SIP messages containing illegal headers. These vulnerabilities are documented in Cisco Bug IDs CSCdz39284 and CSCdz41124. Devices running an affected IOS version and configured as a SIP gateway are exposed to the vulnerability tracked as CSCdz39284. 
However, any affected version of IOS configured in NAT mode is exposed to the vulnerability described by CSCdz41124 when SIP uses UDP for transmission. The Cisco PIX firewall resets when it receives a fragmented SIP INVITE message. Since the current SIP patch does not support fragmented SIP messages, the vulnerability described by Cisco Bug ID CSCdx47789 is temporarily patched by dropping SIP fragments.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
Original release date: February 21, 2003 Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file. Other systems making use of SIP may also be vulnerable but were not specifically tested. Not all SIP implementations are affected. See Vendor Information for details from vendors who have provided feedback for this advisory.
In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from VU#528719. These vulnerabilities may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior. If your site uses SIP-enabled products in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the Solution section below.
I. SIP is a text-based protocol for initiating communication and data sessions between users.
The Oulu University Secure Programming Group (OUSPG) previously conducted research into vulnerabilities in LDAP, culminating in CERT Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03.
OUSPG's most recent research focused on a subset of SIP related to the INVITE message, which SIP agents and proxies are required to accept in order to set up sessions. Note that "throttling" is an expected behavior.
Specifications for the Session Initiation Protocol are available in RFC3261:
http://www.ietf.org/rfc/rfc3261.txt
OUSPG has established the following site with detailed documentation regarding SIP and the implementation test results from the test suite:
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
The IETF Charter page for SIP is available at
http://www.ietf.org/html.charters/sip-charter.html
II. Impact
Exploitation of these vulnerabilities may result in denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain unauthorized access to the affected device. Specific impacts will vary from product to product.
III. Solution
Many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this
advisory. Please consult this appendix and VU#528719 to determine
if your product is vulnerable. If a statement is unavailable, you
may need to contact your vendor directly.
Disable the SIP-enabled devices and services
As a general rule, the CERT/CC recommends disabling any service or
capability that is not explicitly required. Some of the affected
products may rely on SIP to be functional. You should carefully
consider the impact of blocking services that you may be using.
Ingress filtering
As a temporary measure, it may be possible to limit the scope of
these vulnerabilities by blocking access to SIP devices and
services at the network perimeter.
Ingress filtering manages the flow of traffic as it enters a
network under your administrative control. Servers are typically
the only machines that need to accept inbound traffic from the
public Internet. Note that most SIP User Agents (including IP
phones or "client" software) consist of a User Agent Client and a
User Agent Server. In the network usage policy of many sites, there
are few reasons for external hosts to initiate inbound traffic to
machines that provide no public services. Thus, ingress filtering
should be performed at the border to prohibit externally initiated
inbound traffic to non-authorized services.
Please note that this workaround may not protect vulnerable devices
from internal attacks.
Egress filtering
Egress filtering manages the flow of traffic as it leaves a network
under your administrative control. There is typically limited need
for machines providing public services to initiate outbound traffic
to the Internet. In the case of the SIP vulnerabilities, employing
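egress filtering on the ports listed above (that list is not reproduced in this copy; SIP's default ports per RFC 3261 are 5060 over UDP and TCP, and 5061 for TLS) at your network border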
may prevent your network from being used as a source for attacks on
other sites.
Block SIP requests directed to broadcast addresses at your router.
Since SIP requests can be transmitted via UDP, broadcast attacks
are possible. One solution to prevent your site from being used as
an intermediary in an attack is to block SIP requests directed to
broadcast addresses at your router.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.
America Online Inc
Not vulnerable.
Apple Computer Inc.
There are currently no applications shipped by Apple with Mac OS X
or Mac OS X Server which make use of the Session Initiation
Protocol.
Borderware
No BorderWare products make use of SIP and thus no BorderWare
products are affected by this vulnerability.
We would however like to extend our thanks to the OUSPG for their
work as well as for the responsible manner in which they handle
their discoveries. Their detailed reports and test suites are
certainly well-received.
We would also like to reiterate the fact that SIP has yet to
mature, protocol-wise as well as implementation-wise. We do not
recommend that our customers set up SIP relays in parallel to our
firewall products to pass SIP-based applications in or out of
networks where security is a concern of note.
F5 Networks
F5 Networks does not have a SIP server product, and is therefore
not affected by this vulnerability.
Fujitsu
With regards to VU#528719, Fujitsu's UXP/V o.s. is not vulnerable
because the relevant function is not supported under UXP/V.
IBM
SIP is not implemented as part of the AIX operating system.
IP Filter
IPFilter does not do any SIP specific protocol handling and is
therefore not affected by the issues mentioned in the paper cited.
IPTel
All versions of SIP Express Router up to 0.8.9 are sadly vulnerable
to the OUSPG test suite. We strongly advise upgrading to version
0.8.10. Please also apply the patch to version 0.8.10 from
http://www.iptel.org/ser/security/
before installation and keep on watching this site in the future.
We apologize to our users for the trouble.
Hewlett-Packard Company
Source:
Hewlett-Packard Company
Software Security Response Team
cross reference id: SSRT2402
HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable
To report potential security vulnerabilities in HP software, send
an E-mail message to: mailto:security-alert@hp.com
Lucent
No Lucent products are known to be affected by this vulnerability,
however we are still researching the issue and will update this
statement as needed.
Microsoft Corporation
Microsoft has investigated these issues. The Microsoft SIP client
implementation is not affected.
NEC Corporation
===================================================================
NEC vendor statement for VU#528719
===================================================================
sent on February 13, 2002
Server Products
* EWS/UP 48 Series operating system
* - is NOT vulnerable, because it does not support SIP.
Router Products
* IX 1000 / 2000 / 5000 Series
* - is NOT vulnerable, because it does not support SIP.
Other Network products
* We continue to check our products which support SIP protocol.
===================================================================
NETBSD
NetBSD does not ship any implementation of SIP.
NETfilter.org
As the linux 2.4/2.5 netfilter implementation currently doesn't
support connection tracking or NAT for the SIP protocol suite, we
are not vulnerable to this bug.
NetScreen
NetScreen is not vulnerable to this issue.
Network Appliance
NetApp products are not affected by this vulnerability.
Nokia
Nokia IP Security Platforms based on IPSO, Nokia Small Office
Solution platforms, Nokia VPN products and Nokia Message Protector
platform do not initiate or terminate SIP based sessions. The
mentioned Nokia products are not susceptible to this vulnerability
Nortel Networks
Nortel Networks is cooperating to the fullest extent with the CERT
Coordination Center. All Nortel Networks products that use Session
Initiation Protocol (SIP) have been tested and all generally
available products, with the following exceptions, have passed the
test suite:
Succession Communication Server 2000 and Succession Communication
Server 2000 - Compact are impacted by the test suite only in
configurations where SIP-T has been provisioned within the
Communication Server; a software patch is expected to be available
by the end of February.
For further information about Nortel Networks products please
contact Nortel Networks Global Network Support.
North America: 1-800-4-NORTEL, or (1-800-466-7835)
Europe, Middle East & Africa: 00800 8008 9009, or +44 (0) 870 907
9009
Contacts for other regions available at the Global Contact
<http://www.nortelnetworks.com/help/contact/global/> web page.
Novell
Novell has no products implementing SIP.
Secure Computing Corporation
Neither Sidewinder nor Gauntlet implements SIP, so we do not need
to be on the vendor list for this vulnerability.
SecureWorx
We hereby attest that SecureWorx Basilisk Gateway Security product
suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the
Session Initiation Protocol (SIP) Vulnerability VU#528719 as
described in the OUSPG announcement (OUSPG#0106) received on Fri, 8
Nov 2002 10:17:11 -0500.
Stonesoft
Stonesoft's StoneGate high availability firewall and VPN product
does not contain any code that handles SIP protocol. No versions of
StoneGate are vulnerable.
Symantec
Symantec Corporation products are not vulnerable to this issue.
Xerox
Xerox is aware of this vulnerability and is currently assessing all
products. This statement will be updated as new information becomes
available.
Appendix B. - References
1. http://www.ee.oulu.fi/research/ouspg/protos/
2. http://www.kb.cert.org/vuls/id/528719
3. http://www.cert.org/tech_tips/denial_of_service.html
4. http://www.ietf.org/html.charters/sip-charter.html
5. RFC3261 - SIP: Session Initiation Protocol
6. RFC2327 - SDP: Session Description Protocol
7. RFC2279 - UTF-8, a transformation format of ISO 10646
8. Session Initiation Protocol Basic Call Flow Examples
9. We would also like to acknowledge the
"RedSkins" project of "MediaTeam Oulu" for their support of this research.
Feedback on this document can be directed to the authors, Jason A. Rafail and Ian A. Finlay.
This document is available from: http://www.cert.org/advisories/CA-2003-06.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright 2003 Carnegie Mellon University.
Revision History Feb 21, 2003: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG IXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ 17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O Eisa8/wivlM= =p961 -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0089",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "voip access devices and gateways",
"scope": "eq",
"trust": 1.6,
"vendor": "mediatrix telecom",
"version": "sipv2.3"
},
{
"model": "voip access devices and gateways",
"scope": "eq",
"trust": 1.6,
"vendor": "mediatrix telecom",
"version": "sipv2.4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cirpack",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "columbia sip user agent sipc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dynamicsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iptel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mediatrix telecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pingtel",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "ne",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.6"
},
{
"model": "ios 12.2 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(7)"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "appengine",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "ne",
"trust": 0.3,
"vendor": "columbia",
"version": "2.0"
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.9"
},
{
"model": "ios 12.2 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7940"
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3-1"
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(9)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "osip",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.5"
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.4"
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3.210)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "ios 12.2 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server compact",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000-"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.0"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1-1"
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ios 12.2xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "eq",
"trust": 0.3,
"vendor": "columbia",
"version": "1.74"
},
{
"model": "osip",
"scope": "ne",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1.200)"
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.5"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1"
},
{
"model": "c++ sip user agent",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "5.0"
},
{
"model": "sip express router",
"scope": "ne",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.10"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7960"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "6.0"
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(3)"
},
{
"model": "ios 12.2xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2-1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.8"
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "NVD",
"id": "CVE-2003-1114"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-465"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mediatrix_telecom:voip_access_devices_and_gateways:sipv2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mediatrix_telecom:voip_access_devices_and_gateways:sipv2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1114"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oulu University Secure Programming Group",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-465"
}
],
"trust": 0.6
},
"cve": "CVE-2003-1114",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-7939",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-1114",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#528719",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CNNVD",
"id": "CNNVD-200312-465",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7939",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7939"
},
{
"db": "NVD",
"id": "CVE-2003-1114"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-465"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of service in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. \nThese issues are related to handling of SIP INVITE messages. \nExploitation and the specific nature of each vulnerability may depend on the particular implementation. SIP is part of the IETF standards process, and it builds on foundations such as SMTP (Simple Mail Transfer Protocol) and HTTP (Hypertext Transfer Protocol). It is used to establish, change and terminate calls between users based on IP networks. Cisco IP Telephony Modules 7940 and 7960 have these vulnerabilities, which can cause denial of service, and are documented in Cisco Bug IDs CSCdz26317, CSCdz29003, CSCdz29033, and CSCdz29041. Versions running Cisco IOS 12.2T train or any 12.2 \u0027X\u0027 train will reset due to incorrect handling of SIP protocols containing illegal headers. These vulnerabilities are documented in Cisco Bug IDs CSCdz39284 and CSCdz41124. Devices running an IOS version with this vulnerability and configured as a SIP gateway will cause the vulnerability generated by CSCdz39284. 
However, any version of IOS running with this vulnerability and configured in NAT mode will cause the vulnerability described by CSCdz41124 when SIP uses UDP for transmission. The Cisco PIX firewall resets when it receives a fragmented SIP INVITE message. Since the current SIP patch does not support fragmented SIP messages, the vulnerability described by Cisco Bug ID CSCdx47789 is temporarily patched by dropping SIP fragments. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the\nSession Initiation Protocol (SIP)\n\n Original release date: February 21, 2003\n Last revised: --\n Source: CERT/CC\n\n A complete revision history can be found at the end of this file. \n Other systems making use of SIP may also be vulnerable but were not\n specifically tested. Not all SIP implementations are affected. See\n Vendor Information for details from vendors who have provided feedback\n for this advisory. \n\n In addition to the vendors who provided feedback for this advisory, a\n list of vendors whom CERT/CC contacted regarding these problems is\n available from VU#528719. These\n vulnerabilities may allow an attacker to gain unauthorized privileged\n access, cause denial-of-service attacks, or cause unstable system\n behavior. If your site uses SIP-enabled products in any capacity, the\n CERT/CC encourages you to read this advisory and follow the advice\n provided in the Solution section below. \n\nI. \n SIP is a text-based protocol for initiating communication and data\n sessions between users. \n\n The Oulu University Secure Programming Group (OUSPG) previously\n conducted research into vulnerabilities in LDAP, culminating in CERT\n Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03. \n\n OUSPG\u0027s most recent research focused on a subset of SIP related to the\n INVITE message, which SIP agents and proxies are required to accept in\n order to set up sessions. 
Note that \"throttling\" is an expected\n behavior. \n\n Specifications for the Session Initiation Protocol are available in\n RFC3261:\n\n http://www.ietf.org/rfc/rfc3261.txt\n\n OUSPG has established the following site with detailed documentation\n regarding SIP and the implementation test results from the test suite:\n\n http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/\n\n The IETF Charter page for SIP is available at\n\n http://www.ietf.org/html.charters/sip-charter.html\n\nII. Impact\n\n Exploitation of these vulnerabilities may result in denial-of-service\n conditions, service interruptions, and in some cases may allow an\n attacker to gain unauthorized access to the affected device. Specific\n impacts will vary from product to product. \n\nIII. Solution\n\n Many of the mitigation steps recommended below may have significant\n impact on your everyday network operations and/or network\n architecture. Ensure that any changes made based on the following\n recommendations will not unacceptably affect your ongoing network\n operations capability. \n\n Apply a patch from your vendor\n\n Appendix A contains information provided by vendors for this\n advisory. Please consult this appendix and VU#528719 to determine\n if your product is vulnerable. If a statement is unavailable, you\n may need to contact your vendor directly. \n\n Disable the SIP-enabled devices and services\n\n As a general rule, the CERT/CC recommends disabling any service or\n capability that is not explicitly required. Some of the affected\n products may rely on SIP to be functional. You should carefully\n consider the impact of blocking services that you may be using. \n\n Ingress filtering\n\n As a temporary measure, it may be possible to limit the scope of\n these vulnerabilities by blocking access to SIP devices and\n services at the network perimeter. \n\n Ingress filtering manages the flow of traffic as it enters a\n network under your administrative control. 
Servers are typically\n the only machines that need to accept inbound traffic from the\n public Internet. Note that most SIP User Agents (including IP\n phones or \"client\" software) consist of a User Agent Client and a\n User Agent Server. In the network usage policy of many sites, there\n are few reasons for external hosts to initiate inbound traffic to\n machines that provide no public services. Thus, ingress filtering\n should be performed at the border to prohibit externally initiated\n inbound traffic to non-authorized services. \n\n Please note that this workaround may not protect vulnerable devices\n from internal attacks. \n\n Egress filtering\n\n Egress filtering manages the flow of traffic as it leaves a network\n under your administrative control. There is typically limited need\n for machines providing public services to initiate outbound traffic\n to the Internet. In the case of the SIP vulnerabilities, employing\n egress filtering on the ports listed above at your network border\n may prevent your network from being used as a source for attacks on\n other sites. \n\n Block SIP requests directed to broadcast addresses at your router. \n\n Since SIP requests can be transmitted via UDP, broadcast attacks\n are possible. One solution to prevent your site from being used as\n an intermediary in an attack is to block SIP requests directed to\n broadcast addresses at your router. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. As vendors report new information to the CERT/CC, we will\n update this section and note the changes in our revision history. If a\n particular vendor is not listed below, we have not received their\n comments. \n\n America Online Inc\n\n Not vulnerable. \n\n Apple Computer Inc. \n\n There are currently no applications shipped by Apple with Mac OS X\n or Mac OS X Server which make use of the Session Initiation\n Protocol. 
\n\n Borderware\n\n No BorderWare products make use of SIP and thus no BorderWare\n products are affected by this vulnerability. \n We would however like to extend our thanks to the OUSPG for their\n work as well as for the responsible manner in which they handle\n their discoveries. Their detailed reports and test suites are\n certainly well-received. \n We would also like to reiterate the fact that SIP has yet to\n mature, protocol-wise as well as implementation-wise. We do not\n recommend that our customers set up SIP relays in parallel to our\n firewall products to pass SIP-based applications in or out of\n networks where security is a concern of note. \n\n F5 Networks\n\n F5 Networks does not have a SIP server product, and is therefore\n not affected by this vulnerability. \n\n Fujitsu\n\n With regards to VU#528719, Fujitsu\u0027s UXP/V o.s. is not vulnerable\n because the relevant function is not supported under UXP/V. \n\n IBM\n\n SIP is not implemented as part of the AIX operating system. \n\n IP Filter\n\n IPFilter does not do any SIP specific protocol handling and is\n therefore not affected by the issues mentioned in the paper cited. \n\n IPTel\n\n All versions of SIP Express Router up to 0.8.9 are sadly vulnerable\n to the OUSPG test suite. We strongly advice to upgrade to version\n 0.8.10. Please also apply the patch to version 0.8.10 from\n http://www.iptel.org/ser/security/\n before installation and keep on watching this site in the future. \n We apologize to our users for the trouble. 
\n\n Hewlett-Packard Company\n\n Source:\n Hewlett-Packard Company\n Software Security Response Team\n cross reference id: SSRT2402\n\n HP-UX - not vulnerable\n HP-MPE/ix - not vulnerable\n HP Tru64 UNIX - not vulnerable\n HP OpenVMS - not vulnerable\n HP NonStop Servers - not vulnerable\n\n To report potential security vulnerabilities in HP software, send\n an E-mail message to: mailto:security-alert@hp.com\n\n Lucent\n\n No Lucent products are known to be affected by this vulnerability,\n however we are still researching the issue and will update this\n statement as needed. \n\n Microsoft Corporation\n\n Microsoft has investigated these issues. The Microsoft SIP client\n implementation is not affected. \n\n NEC Corporation\n\n ===================================================================\n NEC vendor statement for VU#528719\n ===================================================================\n\n sent on February 13, 2002\n Server Products\n * EWS/UP 48 Series operating system\n * - is NOT vulnerable, because it does not support SIP. \n\n Router Products\n * IX 1000 / 2000 / 5000 Series\n * - is NOT vulnerable, because it does not support SIP. \n\n Other Network products\n * We continue to check our products which support SIP protocol. \n\n ===================================================================\n\n NETBSD\n\n NetBSD does not ship any implementation of SIP. \n\n NETfilter.org\n\n As the linux 2.4/2.5 netfilter implementation currently doesn\u0027t\n support connection tracking or NAT for the SIP protocol suite, we\n are not vulnerable to this bug. \n\n NetScreen\n\n NetScreen is not vulnerable to this issue. \n\n Network Appliance\n\n NetApp products are not affected by this vulnerability. \n\n Nokia\n\n Nokia IP Security Platforms based on IPSO, Nokis Small Office\n Solution platforms, Nokia VPN products and Nokia Message Protector\n platform do not initiate or terminate SIP based sessions. 
The\n mentioned Nokia products are not susceptible to this vulnerability\n\n Nortel Networks\n\n Nortel Networks is cooperating to the fullest extent with the CERT\n Coordination Center. All Nortel Networks products that use Session\n Initiation Protocol SIP) have been tested and all generally\n available products, with the following exceptions, have passed the\n test suite:\n\n Succession Communication Server 2000 and Succession Communication\n Server 2000 - Compact are impacted by the test suite only in\n configurations where SIP-T has been provisioned within the\n Communication Server; a software patch is expected to be available\n by the end of February. \n\n For further information about Nortel Networks products please\n contact Nortel Networks Global Network Support. \n\n North America: 1-800-4-NORTEL, or (1-800-466-7835)\n Europe, Middle East \u0026 Africa: 00800 8008 9009, or +44 (0) 870 907\n 9009\n\n Contacts for other regions available at the Global Contact\n \u003chttp://www.nortelnetworks.com/help/contact/global/\u003e web page. \n\n Novell\n\n Novell has no products implementing SIP. \n\n Secure Computing Corporation\n\n Neither Sidewinder nor Gauntlet implements SIP, so we do not need\n to be on the vendor list for this vulnerability. \n\n SecureWorx\n\n We hereby attest that SecureWorx Basilisk Gateway Security product\n suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the\n Session Initiation Protocol (SIP) Vulnerability VU#528719 as\n described in the OUSPG announcement (OUSPG#0106) received on Fri, 8\n Nov 2002 10:17:11 -0500. \n\n Stonesoft\n\n Stonesoft\u0027s StoneGate high availability firewall and VPN product\n does not contain any code that handles SIP protocol. No versions of\n StoneGate are vulnerable. \n\n Symantec\n\n Symantec Corporation products are not vulnerable to this issue. \n\n Xerox\n\n Xerox is aware of this vulnerability and is currently assessing all\n products. 
This statement will be updated as new information becomes\n available. \n\nAppendix B. - References\n\n 1. http://www.ee.oulu.fi/research/ouspg/protos/\n 2. http://www.kb.cert.org/vuls/id/528719\n 3. http://www.cert.org/tech_tips/denial_of_service.html\n 4. http://www.ietf.org/html.charters/sip-charter.html\n 5. RFC3261 - SIP: Session Initiation Protocol\n 6. RFC2327 - SDP: Session Description Protocol\n 7. RFC2279 - UTF-8, a transformation format of ISO 10646\n 8. Session Initiation Protocol Basic Call Flow Examples \n 9. We would also like to acknowledge the\n \"RedSkins\" project of \"MediaTeam Oulu\" for their support of this\n research. \n _________________________________________________________________\n\n Feedback on this document can be directed to the authors, \n Jason A. Rafail and Ian A. Finlay. \n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2003-06.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. 
\n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2003 Carnegie Mellon University. \n\n Revision History\n Feb 21, 2003: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG\nIXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ\n17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O\nEisa8/wivlM=\n=p961\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1114"
},
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "VULHUB",
"id": "VHN-7939"
},
{
"db": "PACKETSTORM",
"id": "30838"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719",
"trust": 2.9
},
{
"db": "BID",
"id": "6904",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2003-1114",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200312-465",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "CA-2003-06",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "4442",
"trust": 0.6
},
{
"db": "XF",
"id": "11379",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-7939",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "30838",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7939"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1114"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-465"
}
]
},
"id": "VAR-200312-0089",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7939"
}
],
"trust": 0.47675563
},
"last_update_date": "2023-12-18T12:13:49.175000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1114"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/"
},
{
"trust": 2.1,
"url": "http://www.cert.org/advisories/ca-2003-06.html"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/528719"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6904"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/html.charters/sip-charter.html"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/rfc/rfc3261.txt"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/ "
},
{
"trust": 0.8,
"url": "http://www.mediateam.oulu.fi/projects/redskins/?lang=en"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-sipping-torture-tests-07.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc3665.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2327.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2279.txt"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11379"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/4442"
},
{
"trust": 0.3,
"url": "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php"
},
{
"trust": 0.3,
"url": "http://www.fsf.org/software/osip/osip.html"
},
{
"trust": 0.3,
"url": "http://www.partysip.org/"
},
{
"trust": 0.3,
"url": "http://www.iptel.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=16123"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/denial_of_service.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.iptel.org/ser/security/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7939"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1114"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-465"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7939"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1114"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-465"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-02-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2003-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-7939"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2003-02-21T17:04:53",
"db": "PACKETSTORM",
"id": "30838"
},
{
"date": "2003-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-1114"
},
{
"date": "2003-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-465"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-7939"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2017-07-11T01:29:45.260000",
"db": "NVD",
"id": "CVE-2003-1114"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-465"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-465"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "6904"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-465"
}
],
"trust": 0.9
}
}
VAR-200312-0087
Vulnerability from variot - Updated: 2023-12-18 12:13
The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of service in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. These issues are related to handling of SIP INVITE messages. Exploitation and the specific nature of each vulnerability may depend on the particular implementation. SIP is part of the IETF standards process, and it builds on foundations such as SMTP (Simple Mail Transfer Protocol) and HTTP (Hypertext Transfer Protocol). It is used to establish, change and terminate calls between users based on IP networks. These vulnerabilities include buffer overflow and improper handling of request messages containing illegal headers, which can cause buffer overflow on devices running this protocol, resulting in denial of service, and may also cause unauthorized access or remote execution of arbitrary commands. Cisco IP Telephony Modules 7940 and 7960 have these vulnerabilities, which can cause denial of service, and are documented in Cisco Bug IDs CSCdz26317, CSCdz29003, CSCdz29033, and CSCdz29041. Versions running Cisco IOS 12.2T train or any 12.2 'X' train will reset due to incorrect handling of SIP protocols containing illegal headers. 
These vulnerabilities are documented in Cisco Bug IDs CSCdz39284 and CSCdz41124. Devices running an IOS version with this vulnerability and configured as a SIP gateway will cause the vulnerability generated by CSCdz39284. However, any version of IOS running with this vulnerability and configured in NAT mode will cause the vulnerability described by CSCdz41124 when SIP uses UDP for transmission. The Cisco PIX firewall resets when it receives a fragmented SIP INVITE message. Since the current SIP patch does not support fragmented SIP messages, the vulnerability described by Cisco Bug ID CSCdx47789 is temporarily patched by dropping SIP fragments.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
Original release date: February 21, 2003 Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file. Other systems making use of SIP may also be vulnerable but were not specifically tested. Not all SIP implementations are affected. See Vendor Information for details from vendors who have provided feedback for this advisory.
In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from VU#528719. These vulnerabilities may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior. If your site uses SIP-enabled products in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the Solution section below.
I. SIP is a text-based protocol for initiating communication and data sessions between users.
The Oulu University Secure Programming Group (OUSPG) previously conducted research into vulnerabilities in LDAP, culminating in CERT Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03.
OUSPG's most recent research focused on a subset of SIP related to the INVITE message, which SIP agents and proxies are required to accept in order to set up sessions. Note that "throttling" is an expected behavior.
Specifications for the Session Initiation Protocol are available in RFC3261:
http://www.ietf.org/rfc/rfc3261.txt
OUSPG has established the following site with detailed documentation regarding SIP and the implementation test results from the test suite:
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
The IETF Charter page for SIP is available at
http://www.ietf.org/html.charters/sip-charter.html
II. Impact
Exploitation of these vulnerabilities may result in denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain unauthorized access to the affected device. Specific impacts will vary from product to product.
III. Solution
Many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this
advisory. Please consult this appendix and VU#528719 to determine
if your product is vulnerable. If a statement is unavailable, you
may need to contact your vendor directly.
Disable the SIP-enabled devices and services
As a general rule, the CERT/CC recommends disabling any service or
capability that is not explicitly required. Some of the affected
products may rely on SIP to be functional. You should carefully
consider the impact of blocking services that you may be using.
Ingress filtering
As a temporary measure, it may be possible to limit the scope of
these vulnerabilities by blocking access to SIP devices and
services at the network perimeter.
Ingress filtering manages the flow of traffic as it enters a
network under your administrative control. Servers are typically
the only machines that need to accept inbound traffic from the
public Internet. Note that most SIP User Agents (including IP
phones or "client" software) consist of a User Agent Client and a
User Agent Server. In the network usage policy of many sites, there
are few reasons for external hosts to initiate inbound traffic to
machines that provide no public services. Thus, ingress filtering
should be performed at the border to prohibit externally initiated
inbound traffic to non-authorized services.
Please note that this workaround may not protect vulnerable devices
from internal attacks.
Egress filtering
Egress filtering manages the flow of traffic as it leaves a network
under your administrative control. There is typically limited need
for machines providing public services to initiate outbound traffic
to the Internet. In the case of the SIP vulnerabilities, employing
egress filtering on the ports listed above at your network border
may prevent your network from being used as a source for attacks on
other sites.
Block SIP requests directed to broadcast addresses at your router.
Since SIP requests can be transmitted via UDP, broadcast attacks
are possible. One solution to prevent your site from being used as
an intermediary in an attack is to block SIP requests directed to
broadcast addresses at your router.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.
America Online Inc
Not vulnerable.
Apple Computer Inc.
There are currently no applications shipped by Apple with Mac OS X
or Mac OS X Server which make use of the Session Initiation
Protocol.
Borderware
No BorderWare products make use of SIP and thus no BorderWare
products are affected by this vulnerability.
We would however like to extend our thanks to the OUSPG for their
work as well as for the responsible manner in which they handle
their discoveries. Their detailed reports and test suites are
certainly well-received.
We would also like to reiterate the fact that SIP has yet to
mature, protocol-wise as well as implementation-wise. We do not
recommend that our customers set up SIP relays in parallel to our
firewall products to pass SIP-based applications in or out of
networks where security is a concern of note.
F5 Networks
F5 Networks does not have a SIP server product, and is therefore
not affected by this vulnerability.
Fujitsu
With regards to VU#528719, Fujitsu's UXP/V o.s. is not vulnerable
because the relevant function is not supported under UXP/V.
IBM
SIP is not implemented as part of the AIX operating system.
IP Filter
IPFilter does not do any SIP specific protocol handling and is
therefore not affected by the issues mentioned in the paper cited.
IPTel
All versions of SIP Express Router up to 0.8.9 are sadly vulnerable
to the OUSPG test suite. We strongly advise you to upgrade to version
0.8.10. Please also apply the patch to version 0.8.10 from
http://www.iptel.org/ser/security/
before installation and keep on watching this site in the future.
We apologize to our users for the trouble.
Hewlett-Packard Company
Source:
Hewlett-Packard Company
Software Security Response Team
cross reference id: SSRT2402
HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable
To report potential security vulnerabilities in HP software, send
an E-mail message to: mailto:security-alert@hp.com
Lucent
No Lucent products are known to be affected by this vulnerability,
however we are still researching the issue and will update this
statement as needed.
Microsoft Corporation
Microsoft has investigated these issues. The Microsoft SIP client
implementation is not affected.
NEC Corporation
===================================================================
NEC vendor statement for VU#528719
===================================================================
sent on February 13, 2002
Server Products
* EWS/UP 48 Series operating system
* - is NOT vulnerable, because it does not support SIP.
Router Products
* IX 1000 / 2000 / 5000 Series
* - is NOT vulnerable, because it does not support SIP.
Other Network products
* We continue to check our products which support SIP protocol.
===================================================================
NETBSD
NetBSD does not ship any implementation of SIP.
NETfilter.org
As the linux 2.4/2.5 netfilter implementation currently doesn't
support connection tracking or NAT for the SIP protocol suite, we
are not vulnerable to this bug.
NetScreen
NetScreen is not vulnerable to this issue.
Network Appliance
NetApp products are not affected by this vulnerability.
Nokia
Nokia IP Security Platforms based on IPSO, Nokia Small Office
Solution platforms, Nokia VPN products and Nokia Message Protector
platform do not initiate or terminate SIP based sessions. The
mentioned Nokia products are not susceptible to this vulnerability.
Nortel Networks
Nortel Networks is cooperating to the fullest extent with the CERT
Coordination Center. All Nortel Networks products that use Session
Initiation Protocol (SIP) have been tested and all generally
available products, with the following exceptions, have passed the
test suite:
Succession Communication Server 2000 and Succession Communication
Server 2000 - Compact are impacted by the test suite only in
configurations where SIP-T has been provisioned within the
Communication Server; a software patch is expected to be available
by the end of February.
For further information about Nortel Networks products please
contact Nortel Networks Global Network Support.
North America: 1-800-4-NORTEL, or (1-800-466-7835)
Europe, Middle East & Africa: 00800 8008 9009, or +44 (0) 870 907
9009
Contacts for other regions available at the Global Contact
<http://www.nortelnetworks.com/help/contact/global/> web page.
Novell
Novell has no products implementing SIP.
Secure Computing Corporation
Neither Sidewinder nor Gauntlet implements SIP, so we do not need
to be on the vendor list for this vulnerability.
SecureWorx
We hereby attest that SecureWorx Basilisk Gateway Security product
suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the
Session Initiation Protocol (SIP) Vulnerability VU#528719 as
described in the OUSPG announcement (OUSPG#0106) received on Fri, 8
Nov 2002 10:17:11 -0500.
Stonesoft
Stonesoft's StoneGate high availability firewall and VPN product
does not contain any code that handles SIP protocol. No versions of
StoneGate are vulnerable.
Symantec
Symantec Corporation products are not vulnerable to this issue.
Xerox
Xerox is aware of this vulnerability and is currently assessing all
products. This statement will be updated as new information becomes
available.
Appendix B. - References
1. http://www.ee.oulu.fi/research/ouspg/protos/
2. http://www.kb.cert.org/vuls/id/528719
3. http://www.cert.org/tech_tips/denial_of_service.html
4. http://www.ietf.org/html.charters/sip-charter.html
5. RFC3261 - SIP: Session Initiation Protocol
6. RFC2327 - SDP: Session Description Protocol
7. RFC2279 - UTF-8, a transformation format of ISO 10646
8. Session Initiation Protocol Basic Call Flow Examples
9. We would also like to acknowledge the
"RedSkins" project of "MediaTeam Oulu" for their support of this research.
Feedback on this document can be directed to the authors, Jason A. Rafail and Ian A. Finlay.
This document is available from: http://www.cert.org/advisories/CA-2003-06.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright 2003 Carnegie Mellon University.
Revision History Feb 21, 2003: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG IXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ 17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O Eisa8/wivlM= =p961 -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0087",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siparator",
"scope": "eq",
"trust": 1.0,
"vendor": "ingate",
"version": "*"
},
{
"model": "firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "ingate",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cirpack",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "columbia sip user agent sipc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dynamicsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iptel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mediatrix telecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pingtel",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "siparator",
"scope": null,
"trust": 0.6,
"vendor": "ingate",
"version": null
},
{
"model": "firewall",
"scope": null,
"trust": 0.6,
"vendor": "ingate",
"version": null
},
{
"model": "partysip",
"scope": "ne",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.6"
},
{
"model": "ios 12.2 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(7)"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "appengine",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "ne",
"trust": 0.3,
"vendor": "columbia",
"version": "2.0"
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.9"
},
{
"model": "ios 12.2 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7940"
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3-1"
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(9)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "osip",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.5"
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.4"
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3.210)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "ios 12.2 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server compact",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000-"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.0"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1-1"
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ios 12.2xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "eq",
"trust": 0.3,
"vendor": "columbia",
"version": "1.74"
},
{
"model": "osip",
"scope": "ne",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1.200)"
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.5"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1"
},
{
"model": "c++ sip user agent",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "5.0"
},
{
"model": "sip express router",
"scope": "ne",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.10"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7960"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "6.0"
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(3)"
},
{
"model": "ios 12.2xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2-1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.8"
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "NVD",
"id": "CVE-2003-1112"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-209"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ingate:ingate_firewall:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ingate:ingate_siparator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1112"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oulu University Secure Programming Group",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-209"
}
],
"trust": 0.6
},
"cve": "CVE-2003-1112",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-7937",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-1112",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#528719",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CNNVD",
"id": "CNNVD-200312-209",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7937",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7937"
},
{
"db": "NVD",
"id": "CVE-2003-1112"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-209"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabiltites affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of services in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. \nThese issues are related to handling of SIP INVITE messages. \nExploitation and the specific nature of each vulnerability may depend on the particular implementation. SIP is part of the IETF standards process, and it builds on foundations such as SMTP (Simple Mail Transfer Protocol) and HTTP (Hypertext Transfer Protocol). It is used to establish, change and terminate calls between users based on IP networks. These vulnerabilities include buffer overflow and improper handling of request messages containing illegal headers, which can cause buffer overflow on devices running this protocol, resulting in denial of service, and may also cause unauthorized access or remote execution of arbitrary commands. Cisco IP Telephony Modules 7940 and 7960 have these vulnerabilities, which can cause denial of service, and are documented in Cisco Bug IDs CSCdz26317, CSCdz29003, CSCdz29033, and CSCdz29041. Versions running Cisco IOS 12.2T train or any 12.2 \\\u0027\\\u0027X\\\u0027\\\u0027 train will reset due to incorrect handling of SIP protocols containing illegal headers. 
These vulnerabilities are documented in Cisco Bug IDs CSCdz39284 and CSCdz41124. Devices running an IOS version with this vulnerability and configured as a SIP gateway will cause the vulnerability generated by CSCdz39284. However, any version of IOS running with this vulnerability and configured in NAT mode will cause the vulnerability described by CSCdz41124 when SIP uses UDP for transmission. The Cisco PIX firewall resets when it receives a fragmented SIP INVITE message. Since the current SIP patch does not support fragmented SIP messages, the vulnerability described by Cisco Bug ID CSCdx47789 is temporarily patched by dropping SIP fragments. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the\nSession Initiation Protocol (SIP)\n\n Original release date: February 21, 2003\n Last revised: --\n Source: CERT/CC\n\n A complete revision history can be found at the end of this file. \n Other systems making use of SIP may also be vulnerable but were not\n specifically tested. Not all SIP implementations are affected. See\n Vendor Information for details from vendors who have provided feedback\n for this advisory. \n\n In addition to the vendors who provided feedback for this advisory, a\n list of vendors whom CERT/CC contacted regarding these problems is\n available from VU#528719. These\n vulnerabilities may allow an attacker to gain unauthorized privileged\n access, cause denial-of-service attacks, or cause unstable system\n behavior. If your site uses SIP-enabled products in any capacity, the\n CERT/CC encourages you to read this advisory and follow the advice\n provided in the Solution section below. \n\nI. \n SIP is a text-based protocol for initiating communication and data\n sessions between users. 
\n\n The Oulu University Secure Programming Group (OUSPG) previously\n conducted research into vulnerabilities in LDAP, culminating in CERT\n Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03. \n\n OUSPG\u0027s most recent research focused on a subset of SIP related to the\n INVITE message, which SIP agents and proxies are required to accept in\n order to set up sessions. Note that \"throttling\" is an expected\n behavior. \n\n Specifications for the Session Initiation Protocol are available in\n RFC3261:\n\n http://www.ietf.org/rfc/rfc3261.txt\n\n OUSPG has established the following site with detailed documentation\n regarding SIP and the implementation test results from the test suite:\n\n http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/\n\n The IETF Charter page for SIP is available at\n\n http://www.ietf.org/html.charters/sip-charter.html\n\nII. Impact\n\n Exploitation of these vulnerabilities may result in denial-of-service\n conditions, service interruptions, and in some cases may allow an\n attacker to gain unauthorized access to the affected device. Specific\n impacts will vary from product to product. \n\nIII. Solution\n\n Many of the mitigation steps recommended below may have significant\n impact on your everyday network operations and/or network\n architecture. Ensure that any changes made based on the following\n recommendations will not unacceptably affect your ongoing network\n operations capability. \n\n Apply a patch from your vendor\n\n Appendix A contains information provided by vendors for this\n advisory. Please consult this appendix and VU#528719 to determine\n if your product is vulnerable. If a statement is unavailable, you\n may need to contact your vendor directly. \n\n Disable the SIP-enabled devices and services\n\n As a general rule, the CERT/CC recommends disabling any service or\n capability that is not explicitly required. Some of the affected\n products may rely on SIP to be functional. 
You should carefully\n consider the impact of blocking services that you may be using. \n\n Ingress filtering\n\n As a temporary measure, it may be possible to limit the scope of\n these vulnerabilities by blocking access to SIP devices and\n services at the network perimeter. \n\n Ingress filtering manages the flow of traffic as it enters a\n network under your administrative control. Servers are typically\n the only machines that need to accept inbound traffic from the\n public Internet. Note that most SIP User Agents (including IP\n phones or \"clien\"t software) consist of a User Agent Client and a\n User Agent Server. In the network usage policy of many sites, there\n are few reasons for external hosts to initiate inbound traffic to\n machines that provide no public services. Thus, ingress filtering\n should be performed at the border to prohibit externally initiated\n inbound traffic to non-authorized services. \n\n Please note that this workaround may not protect vulnerable devices\n from internal attacks. \n\n Egress filtering\n\n Egress filtering manages the flow of traffic as it leaves a network\n under your administrative control. There is typically limited need\n for machines providing public services to initiate outbound traffic\n to the Internet. In the case of the SIP vulnerabilities, employing\n egress filtering on the ports listed above at your network border\n may prevent your network from being used as a source for attacks on\n other sites. \n\n Block SIP requests directed to broadcast addresses at your router. \n\n Since SIP requests can be transmitted via UDP, broadcast attacks\n are possible. One solution to prevent your site from being used as\n an intermediary in an attack is to block SIP requests directed to\n broadcast addresses at your router. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. 
As vendors report new information to the CERT/CC, we will\n update this section and note the changes in our revision history. If a\n particular vendor is not listed below, we have not received their\n comments. \n\n America Online Inc\n\n Not vulnerable. \n\n Apple Computer Inc. \n\n There are currently no applications shipped by Apple with Mac OS X\n or Mac OS X Server which make use of the Session Initiation\n Protocol. \n\n Borderware\n\n No BorderWare products make use of SIP and thus no BorderWare\n products are affected by this vulnerability. \n We would however like to extend our thanks to the OUSPG for their\n work as well as for the responsible manner in which they handle\n their discoveries. Their detailed reports and test suites are\n certainly well-received. \n We would also like to reiterate the fact that SIP has yet to\n mature, protocol-wise as well as implementation-wise. We do not\n recommend that our customers set up SIP relays in parallel to our\n firewall products to pass SIP-based applications in or out of\n networks where security is a concern of note. \n\n F5 Networks\n\n F5 Networks does not have a SIP server product, and is therefore\n not affected by this vulnerability. \n\n Fujitsu\n\n With regards to VU#528719, Fujitsu\u0027s UXP/V o.s. is not vulnerable\n because the relevant function is not supported under UXP/V. \n\n IBM\n\n SIP is not implemented as part of the AIX operating system. \n\n IP Filter\n\n IPFilter does not do any SIP specific protocol handling and is\n therefore not affected by the issues mentioned in the paper cited. \n\n IPTel\n\n All versions of SIP Express Router up to 0.8.9 are sadly vulnerable\n to the OUSPG test suite. We strongly advice to upgrade to version\n 0.8.10. Please also apply the patch to version 0.8.10 from\n http://www.iptel.org/ser/security/\n before installation and keep on watching this site in the future. \n We apologize to our users for the trouble. 
\n\n Hewlett-Packard Company\n\n Source:\n Hewlett-Packard Company\n Software Security Response Team\n cross reference id: SSRT2402\n\n HP-UX - not vulnerable\n HP-MPE/ix - not vulnerable\n HP Tru64 UNIX - not vulnerable\n HP OpenVMS - not vulnerable\n HP NonStop Servers - not vulnerable\n\n To report potential security vulnerabilities in HP software, send\n an E-mail message to: mailto:security-alert@hp.com\n\n Lucent\n\n No Lucent products are known to be affected by this vulnerability,\n however we are still researching the issue and will update this\n statement as needed. \n\n Microsoft Corporation\n\n Microsoft has investigated these issues. The Microsoft SIP client\n implementation is not affected. \n\n NEC Corporation\n\n ===================================================================\n NEC vendor statement for VU#528719\n ===================================================================\n\n sent on February 13, 2002\n Server Products\n * EWS/UP 48 Series operating system\n * - is NOT vulnerable, because it does not support SIP. \n\n Router Products\n * IX 1000 / 2000 / 5000 Series\n * - is NOT vulnerable, because it does not support SIP. \n\n Other Network products\n * We continue to check our products which support SIP protocol. \n\n ===================================================================\n\n NETBSD\n\n NetBSD does not ship any implementation of SIP. \n\n NETfilter.org\n\n As the linux 2.4/2.5 netfilter implementation currently doesn\u0027t\n support connection tracking or NAT for the SIP protocol suite, we\n are not vulnerable to this bug. \n\n NetScreen\n\n NetScreen is not vulnerable to this issue. \n\n Network Appliance\n\n NetApp products are not affected by this vulnerability. \n\n Nokia\n\n Nokia IP Security Platforms based on IPSO, Nokis Small Office\n Solution platforms, Nokia VPN products and Nokia Message Protector\n platform do not initiate or terminate SIP based sessions. 
The\n mentioned Nokia products are not susceptible to this vulnerability\n\n Nortel Networks\n\n Nortel Networks is cooperating to the fullest extent with the CERT\n Coordination Center. All Nortel Networks products that use Session\n Initiation Protocol SIP) have been tested and all generally\n available products, with the following exceptions, have passed the\n test suite:\n\n Succession Communication Server 2000 and Succession Communication\n Server 2000 - Compact are impacted by the test suite only in\n configurations where SIP-T has been provisioned within the\n Communication Server; a software patch is expected to be available\n by the end of February. \n\n For further information about Nortel Networks products please\n contact Nortel Networks Global Network Support. \n\n North America: 1-800-4-NORTEL, or (1-800-466-7835)\n Europe, Middle East \u0026 Africa: 00800 8008 9009, or +44 (0) 870 907\n 9009\n\n Contacts for other regions available at the Global Contact\n \u003chttp://www.nortelnetworks.com/help/contact/global/\u003e web page. \n\n Novell\n\n Novell has no products implementing SIP. \n\n Secure Computing Corporation\n\n Neither Sidewinder nor Gauntlet implements SIP, so we do not need\n to be on the vendor list for this vulnerability. \n\n SecureWorx\n\n We hereby attest that SecureWorx Basilisk Gateway Security product\n suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the\n Session Initiation Protocol (SIP) Vulnerability VU#528719 as\n described in the OUSPG announcement (OUSPG#0106) received on Fri, 8\n Nov 2002 10:17:11 -0500. \n\n Stonesoft\n\n Stonesoft\u0027s StoneGate high availability firewall and VPN product\n does not contain any code that handles SIP protocol. No versions of\n StoneGate are vulnerable. \n\n Symantec\n\n Symantec Corporation products are not vulnerable to this issue. \n\n Xerox\n\n Xerox is aware of this vulnerability and is currently assessing all\n products. 
This statement will be updated as new information becomes\n available. \n\nAppendix B. - References\n\n 1. http://www.ee.oulu.fi/research/ouspg/protos/\n 2. http://www.kb.cert.org/vuls/id/528719\n 3. http://www.cert.org/tech_tips/denial_of_service.html\n 4. http://www.ietf.org/html.charters/sip-charter.html\n 5. RFC3261 - SIP: Session Initiation Protocol\n 6. RFC2327 - SDP: Session Description Protocol\n 7. RFC2279 - UTF-8, a transformation format of ISO 10646\n 8. Session Initiation Protocol Basic Call Flow Examples \n 9. We would also like to acknowledge the\n \"RedSkins\" project of \"MediaTeam Oulu\" for their support of this\n research. \n _________________________________________________________________\n\n Feedback on this document can be directed to the authors, \n Jason A. Rafail and Ian A. Finlay. \n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2003-06.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. 
\n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2003 Carnegie Mellon University. \n\n Revision History\n Feb 21, 2003: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG\nIXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ\n17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O\nEisa8/wivlM=\n=p961\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1112"
},
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "VULHUB",
"id": "VHN-7937"
},
{
"db": "PACKETSTORM",
"id": "30838"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719",
"trust": 2.9
},
{
"db": "BID",
"id": "6904",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2003-1112",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200312-209",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "CA-2003-06",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "4442",
"trust": 0.6
},
{
"db": "XF",
"id": "11379",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-7937",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "30838",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7937"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1112"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-209"
}
]
},
"id": "VAR-200312-0087",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7937"
}
],
"trust": 0.47675563
},
"last_update_date": "2023-12-18T12:13:49.143000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1112"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/"
},
{
"trust": 2.1,
"url": "http://www.cert.org/advisories/ca-2003-06.html"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/528719"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6904"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/html.charters/sip-charter.html"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/rfc/rfc3261.txt"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/ "
},
{
"trust": 0.8,
"url": "http://www.mediateam.oulu.fi/projects/redskins/?lang=en"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-sipping-torture-tests-07.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc3665.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2327.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2279.txt"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11379"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/4442"
},
{
"trust": 0.3,
"url": "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php"
},
{
"trust": 0.3,
"url": "http://www.fsf.org/software/osip/osip.html"
},
{
"trust": 0.3,
"url": "http://www.partysip.org/"
},
{
"trust": 0.3,
"url": "http://www.iptel.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=16123"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/denial_of_service.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.iptel.org/ser/security/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/\u003e"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7937"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1112"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-209"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7937"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1112"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-209"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-02-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2003-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-7937"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2003-02-21T17:04:53",
"db": "PACKETSTORM",
"id": "30838"
},
{
"date": "2003-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-1112"
},
{
"date": "2003-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-209"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-7937"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2017-07-11T01:29:45.150000",
"db": "NVD",
"id": "CVE-2003-1112"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-209"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-209"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "6904"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-209"
}
],
"trust": 0.9
}
}
VAR-200312-0090
Vulnerability from variot - Updated: 2023-12-18 12:13
The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of service in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. These issues are related to handling of SIP INVITE messages. Exploitation and the specific nature of each vulnerability may depend on the particular implementation.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
Original release date: February 21, 2003 Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file. Other systems making use of SIP may also be vulnerable but were not specifically tested. Not all SIP implementations are affected. See Vendor Information for details from vendors who have provided feedback for this advisory.
In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from VU#528719. These vulnerabilities may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior. If your site uses SIP-enabled products in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the Solution section below.
I. SIP is a text-based protocol for initiating communication and data sessions between users.
The Oulu University Secure Programming Group (OUSPG) previously conducted research into vulnerabilities in LDAP, culminating in CERT Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03.
OUSPG's most recent research focused on a subset of SIP related to the INVITE message, which SIP agents and proxies are required to accept in order to set up sessions. Note that "throttling" is an expected behavior.
Specifications for the Session Initiation Protocol are available in RFC3261:
http://www.ietf.org/rfc/rfc3261.txt
OUSPG has established the following site with detailed documentation regarding SIP and the implementation test results from the test suite:
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
The IETF Charter page for SIP is available at
http://www.ietf.org/html.charters/sip-charter.html
II. Impact
Exploitation of these vulnerabilities may result in denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain unauthorized access to the affected device. Specific impacts will vary from product to product.
III. Solution
Many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this
advisory. Please consult this appendix and VU#528719 to determine
if your product is vulnerable. If a statement is unavailable, you
may need to contact your vendor directly.
Disable the SIP-enabled devices and services
As a general rule, the CERT/CC recommends disabling any service or
capability that is not explicitly required. Some of the affected
products may rely on SIP to be functional. You should carefully
consider the impact of blocking services that you may be using.
Ingress filtering
As a temporary measure, it may be possible to limit the scope of
these vulnerabilities by blocking access to SIP devices and
services at the network perimeter.
Ingress filtering manages the flow of traffic as it enters a
network under your administrative control. Servers are typically
the only machines that need to accept inbound traffic from the
public Internet. Note that most SIP User Agents (including IP
phones or "client" software) consist of a User Agent Client and a
User Agent Server. In the network usage policy of many sites, there
are few reasons for external hosts to initiate inbound traffic to
machines that provide no public services. Thus, ingress filtering
should be performed at the border to prohibit externally initiated
inbound traffic to non-authorized services.
Please note that this workaround may not protect vulnerable devices
from internal attacks.
Egress filtering
Egress filtering manages the flow of traffic as it leaves a network
under your administrative control. There is typically limited need
for machines providing public services to initiate outbound traffic
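to the Internet. In the case of the SIP vulnerabilities, employing
egress filtering on the ports listed above at your network border
may prevent your network from being used as a source for attacks on
other sites. [The port list is not reproduced in this copy of the
advisory; RFC 3261 assigns 5060/udp and 5060/tcp to SIP and 5061/tcp
to SIP over TLS.]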
Block SIP requests directed to broadcast addresses at your router.
Since SIP requests can be transmitted via UDP, broadcast attacks
are possible. One solution to prevent your site from being used as
an intermediary in an attack is to block SIP requests directed to
broadcast addresses at your router.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.
America Online Inc
Not vulnerable.
Apple Computer Inc.
There are currently no applications shipped by Apple with Mac OS X
or Mac OS X Server which make use of the Session Initiation
Protocol.
Borderware
No BorderWare products make use of SIP and thus no BorderWare
products are affected by this vulnerability.
We would however like to extend our thanks to the OUSPG for their
work as well as for the responsible manner in which they handle
their discoveries. Their detailed reports and test suites are
certainly well-received.
We would also like to reiterate the fact that SIP has yet to
mature, protocol-wise as well as implementation-wise. We do not
recommend that our customers set up SIP relays in parallel to our
firewall products to pass SIP-based applications in or out of
networks where security is a concern of note.
F5 Networks
F5 Networks does not have a SIP server product, and is therefore
not affected by this vulnerability.
Fujitsu
With regards to VU#528719, Fujitsu's UXP/V o.s. is not vulnerable
because the relevant function is not supported under UXP/V.
IBM
SIP is not implemented as part of the AIX operating system.
IP Filter
IPFilter does not do any SIP specific protocol handling and is
therefore not affected by the issues mentioned in the paper cited.
IPTel
All versions of SIP Express Router up to 0.8.9 are sadly vulnerable
to the OUSPG test suite. We strongly advise upgrading to version
0.8.10. Please also apply the patch to version 0.8.10 from
http://www.iptel.org/ser/security/
before installation and keep on watching this site in the future.
We apologize to our users for the trouble.
Hewlett-Packard Company
Source:
Hewlett-Packard Company
Software Security Response Team
cross reference id: SSRT2402
HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable
To report potential security vulnerabilities in HP software, send
an E-mail message to: mailto:security-alert@hp.com
Lucent
No Lucent products are known to be affected by this vulnerability,
however we are still researching the issue and will update this
statement as needed.
Microsoft Corporation
Microsoft has investigated these issues. The Microsoft SIP client
implementation is not affected.
NEC Corporation
===================================================================
NEC vendor statement for VU#528719
===================================================================
sent on February 13, 2002
Server Products
* EWS/UP 48 Series operating system
* - is NOT vulnerable, because it does not support SIP.
Router Products
* IX 1000 / 2000 / 5000 Series
* - is NOT vulnerable, because it does not support SIP.
Other Network products
* We continue to check our products which support SIP protocol.
===================================================================
NETBSD
NetBSD does not ship any implementation of SIP.
NETfilter.org
As the linux 2.4/2.5 netfilter implementation currently doesn't
support connection tracking or NAT for the SIP protocol suite, we
are not vulnerable to this bug.
NetScreen
NetScreen is not vulnerable to this issue.
Network Appliance
NetApp products are not affected by this vulnerability.
Nokia
Nokia IP Security Platforms based on IPSO, Nokia Small Office
Solution platforms, Nokia VPN products and Nokia Message Protector
platform do not initiate or terminate SIP based sessions. The
mentioned Nokia products are not susceptible to this vulnerability.
Nortel Networks
Nortel Networks is cooperating to the fullest extent with the CERT
Coordination Center.
For further information about Nortel Networks products please
contact Nortel Networks Global Network Support.
North America: 1-800-4-NORTEL, or (1-800-466-7835)
Europe, Middle East & Africa: 00800 8008 9009, or +44 (0) 870 907
9009
Contacts for other regions available at the Global Contact
<http://www.nortelnetworks.com/help/contact/global/> web page.
Novell
Novell has no products implementing SIP.
Secure Computing Corporation
Neither Sidewinder nor Gauntlet implements SIP, so we do not need
to be on the vendor list for this vulnerability.
SecureWorx
We hereby attest that SecureWorx Basilisk Gateway Security product
suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the
Session Initiation Protocol (SIP) Vulnerability VU#528719 as
described in the OUSPG announcement (OUSPG#0106) received on Fri, 8
Nov 2002 10:17:11 -0500.
Stonesoft
Stonesoft's StoneGate high availability firewall and VPN product
does not contain any code that handles SIP protocol. No versions of
StoneGate are vulnerable.
Symantec
Symantec Corporation products are not vulnerable to this issue.
Xerox
Xerox is aware of this vulnerability and is currently assessing all
products. This statement will be updated as new information becomes
available.
Appendix B. - References
1. http://www.ee.oulu.fi/research/ouspg/protos/
2. http://www.kb.cert.org/vuls/id/528719
3. http://www.cert.org/tech_tips/denial_of_service.html
4. http://www.ietf.org/html.charters/sip-charter.html
5. RFC3261 - SIP: Session Initiation Protocol
6. RFC2327 - SDP: Session Description Protocol
7. RFC2279 - UTF-8, a transformation format of ISO 10646
8. Session Initiation Protocol Basic Call Flow Examples
9. We would also like to acknowledge the
"RedSkins" project of "MediaTeam Oulu" for their support of this research.
Feedback on this document can be directed to the authors, Jason A. Rafail and Ian A. Finlay.
This document is available from: http://www.cert.org/advisories/CA-2003-06.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
Conditions for use, disclaimers, and sponsorship information
Copyright 2003 Carnegie Mellon University.
Revision History Feb 21, 2003: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG IXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ 17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O Eisa8/wivlM= =p961 -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0090",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "succession communication server 2000",
"scope": "eq",
"trust": 1.0,
"vendor": "nortel",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cirpack",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "columbia sip user agent sipc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dynamicsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iptel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mediatrix telecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pingtel",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "succession communication server 2000",
"scope": "eq",
"trust": 0.6,
"vendor": "nortel",
"version": "compact"
},
{
"model": "succession communication server 2000",
"scope": null,
"trust": 0.6,
"vendor": "nortel",
"version": null
},
{
"model": "partysip",
"scope": "ne",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.6"
},
{
"model": "ios 12.2 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(7)"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "appengine",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "ne",
"trust": 0.3,
"vendor": "columbia",
"version": "2.0"
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.9"
},
{
"model": "ios 12.2 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7940"
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3-1"
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(9)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "osip",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.5"
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.4"
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3.210)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "ios 12.2 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server compact",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000-"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.0"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1-1"
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ios 12.2xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "eq",
"trust": 0.3,
"vendor": "columbia",
"version": "1.74"
},
{
"model": "osip",
"scope": "ne",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1.200)"
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.5"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1"
},
{
"model": "c++ sip user agent",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "5.0"
},
{
"model": "sip express router",
"scope": "ne",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.10"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7960"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "6.0"
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(3)"
},
{
"model": "ios 12.2xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2-1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.8"
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "NVD",
"id": "CVE-2003-1115"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-207"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortel:succession_communication_server_2000:*:*:compact:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:nortel:succession_communication_server_2000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1115"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oulu University Secure Programming Group",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-207"
}
],
"trust": 0.6
},
"cve": "CVE-2003-1115",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-1115",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#528719",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CNNVD",
"id": "CNNVD-200312-207",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "NVD",
"id": "CVE-2003-1115"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-207"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabiltites affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of services in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. \nThese issues are related to handling of SIP INVITE messages. \nExploitation and the specific nature of each vulnerability may depend on the particular implementation. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the\nSession Initiation Protocol (SIP)\n\n Original release date: February 21, 2003\n Last revised: --\n Source: CERT/CC\n\n A complete revision history can be found at the end of this file. \n Other systems making use of SIP may also be vulnerable but were not\n specifically tested. Not all SIP implementations are affected. See\n Vendor Information for details from vendors who have provided feedback\n for this advisory. \n\n In addition to the vendors who provided feedback for this advisory, a\n list of vendors whom CERT/CC contacted regarding these problems is\n available from VU#528719. These\n vulnerabilities may allow an attacker to gain unauthorized privileged\n access, cause denial-of-service attacks, or cause unstable system\n behavior. 
If your site uses SIP-enabled products in any capacity, the\n CERT/CC encourages you to read this advisory and follow the advice\n provided in the Solution section below. \n\nI. \n SIP is a text-based protocol for initiating communication and data\n sessions between users. \n\n The Oulu University Secure Programming Group (OUSPG) previously\n conducted research into vulnerabilities in LDAP, culminating in CERT\n Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03. \n\n OUSPG\u0027s most recent research focused on a subset of SIP related to the\n INVITE message, which SIP agents and proxies are required to accept in\n order to set up sessions. Note that \"throttling\" is an expected\n behavior. \n\n Specifications for the Session Initiation Protocol are available in\n RFC3261:\n\n http://www.ietf.org/rfc/rfc3261.txt\n\n OUSPG has established the following site with detailed documentation\n regarding SIP and the implementation test results from the test suite:\n\n http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/\n\n The IETF Charter page for SIP is available at\n\n http://www.ietf.org/html.charters/sip-charter.html\n\nII. Impact\n\n Exploitation of these vulnerabilities may result in denial-of-service\n conditions, service interruptions, and in some cases may allow an\n attacker to gain unauthorized access to the affected device. Specific\n impacts will vary from product to product. \n\nIII. Solution\n\n Many of the mitigation steps recommended below may have significant\n impact on your everyday network operations and/or network\n architecture. Ensure that any changes made based on the following\n recommendations will not unacceptably affect your ongoing network\n operations capability. \n\n Apply a patch from your vendor\n\n Appendix A contains information provided by vendors for this\n advisory. Please consult this appendix and VU#528719 to determine\n if your product is vulnerable. 
If a statement is unavailable, you\n may need to contact your vendor directly. \n\n Disable the SIP-enabled devices and services\n\n As a general rule, the CERT/CC recommends disabling any service or\n capability that is not explicitly required. Some of the affected\n products may rely on SIP to be functional. You should carefully\n consider the impact of blocking services that you may be using. \n\n Ingress filtering\n\n As a temporary measure, it may be possible to limit the scope of\n these vulnerabilities by blocking access to SIP devices and\n services at the network perimeter. \n\n Ingress filtering manages the flow of traffic as it enters a\n network under your administrative control. Servers are typically\n the only machines that need to accept inbound traffic from the\n public Internet. Note that most SIP User Agents (including IP\n phones or \"clien\"t software) consist of a User Agent Client and a\n User Agent Server. In the network usage policy of many sites, there\n are few reasons for external hosts to initiate inbound traffic to\n machines that provide no public services. Thus, ingress filtering\n should be performed at the border to prohibit externally initiated\n inbound traffic to non-authorized services. \n\n Please note that this workaround may not protect vulnerable devices\n from internal attacks. \n\n Egress filtering\n\n Egress filtering manages the flow of traffic as it leaves a network\n under your administrative control. There is typically limited need\n for machines providing public services to initiate outbound traffic\n to the Internet. In the case of the SIP vulnerabilities, employing\n egress filtering on the ports listed above at your network border\n may prevent your network from being used as a source for attacks on\n other sites. \n\n Block SIP requests directed to broadcast addresses at your router. \n\n Since SIP requests can be transmitted via UDP, broadcast attacks\n are possible. 
One solution to prevent your site from being used as\n an intermediary in an attack is to block SIP requests directed to\n broadcast addresses at your router. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. As vendors report new information to the CERT/CC, we will\n update this section and note the changes in our revision history. If a\n particular vendor is not listed below, we have not received their\n comments. \n\n America Online Inc\n\n Not vulnerable. \n\n Apple Computer Inc. \n\n There are currently no applications shipped by Apple with Mac OS X\n or Mac OS X Server which make use of the Session Initiation\n Protocol. \n\n Borderware\n\n No BorderWare products make use of SIP and thus no BorderWare\n products are affected by this vulnerability. \n We would however like to extend our thanks to the OUSPG for their\n work as well as for the responsible manner in which they handle\n their discoveries. Their detailed reports and test suites are\n certainly well-received. \n We would also like to reiterate the fact that SIP has yet to\n mature, protocol-wise as well as implementation-wise. We do not\n recommend that our customers set up SIP relays in parallel to our\n firewall products to pass SIP-based applications in or out of\n networks where security is a concern of note. \n\n F5 Networks\n\n F5 Networks does not have a SIP server product, and is therefore\n not affected by this vulnerability. \n\n Fujitsu\n\n With regards to VU#528719, Fujitsu\u0027s UXP/V o.s. is not vulnerable\n because the relevant function is not supported under UXP/V. \n\n IBM\n\n SIP is not implemented as part of the AIX operating system. \n\n IP Filter\n\n IPFilter does not do any SIP specific protocol handling and is\n therefore not affected by the issues mentioned in the paper cited. \n\n IPTel\n\n All versions of SIP Express Router up to 0.8.9 are sadly vulnerable\n to the OUSPG test suite. 
We strongly advice to upgrade to version\n 0.8.10. Please also apply the patch to version 0.8.10 from\n http://www.iptel.org/ser/security/\n before installation and keep on watching this site in the future. \n We apologize to our users for the trouble. \n\n Hewlett-Packard Company\n\n Source:\n Hewlett-Packard Company\n Software Security Response Team\n cross reference id: SSRT2402\n\n HP-UX - not vulnerable\n HP-MPE/ix - not vulnerable\n HP Tru64 UNIX - not vulnerable\n HP OpenVMS - not vulnerable\n HP NonStop Servers - not vulnerable\n\n To report potential security vulnerabilities in HP software, send\n an E-mail message to: mailto:security-alert@hp.com\n\n Lucent\n\n No Lucent products are known to be affected by this vulnerability,\n however we are still researching the issue and will update this\n statement as needed. \n\n Microsoft Corporation\n\n Microsoft has investigated these issues. The Microsoft SIP client\n implementation is not affected. \n\n NEC Corporation\n\n ===================================================================\n NEC vendor statement for VU#528719\n ===================================================================\n\n sent on February 13, 2002\n Server Products\n * EWS/UP 48 Series operating system\n * - is NOT vulnerable, because it does not support SIP. \n\n Router Products\n * IX 1000 / 2000 / 5000 Series\n * - is NOT vulnerable, because it does not support SIP. \n\n Other Network products\n * We continue to check our products which support SIP protocol. \n\n ===================================================================\n\n NETBSD\n\n NetBSD does not ship any implementation of SIP. \n\n NETfilter.org\n\n As the linux 2.4/2.5 netfilter implementation currently doesn\u0027t\n support connection tracking or NAT for the SIP protocol suite, we\n are not vulnerable to this bug. \n\n NetScreen\n\n NetScreen is not vulnerable to this issue. \n\n Network Appliance\n\n NetApp products are not affected by this vulnerability. 
\n\n Nokia\n\n Nokia IP Security Platforms based on IPSO, Nokis Small Office\n Solution platforms, Nokia VPN products and Nokia Message Protector\n platform do not initiate or terminate SIP based sessions. The\n mentioned Nokia products are not susceptible to this vulnerability\n\n Nortel Networks\n\n Nortel Networks is cooperating to the fullest extent with the CERT\n Coordination Center. \n\n For further information about Nortel Networks products please\n contact Nortel Networks Global Network Support. \n\n North America: 1-800-4-NORTEL, or (1-800-466-7835)\n Europe, Middle East \u0026 Africa: 00800 8008 9009, or +44 (0) 870 907\n 9009\n\n Contacts for other regions available at the Global Contact\n \u003chttp://www.nortelnetworks.com/help/contact/global/\u003e web page. \n\n Novell\n\n Novell has no products implementing SIP. \n\n Secure Computing Corporation\n\n Neither Sidewinder nor Gauntlet implements SIP, so we do not need\n to be on the vendor list for this vulnerability. \n\n SecureWorx\n\n We hereby attest that SecureWorx Basilisk Gateway Security product\n suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the\n Session Initiation Protocol (SIP) Vulnerability VU#528719 as\n described in the OUSPG announcement (OUSPG#0106) received on Fri, 8\n Nov 2002 10:17:11 -0500. \n\n Stonesoft\n\n Stonesoft\u0027s StoneGate high availability firewall and VPN product\n does not contain any code that handles SIP protocol. No versions of\n StoneGate are vulnerable. \n\n Symantec\n\n Symantec Corporation products are not vulnerable to this issue. \n\n Xerox\n\n Xerox is aware of this vulnerability and is currently assessing all\n products. This statement will be updated as new information becomes\n available. \n\nAppendix B. - References\n\n 1. http://www.ee.oulu.fi/research/ouspg/protos/\n 2. http://www.kb.cert.org/vuls/id/528719\n 3. http://www.cert.org/tech_tips/denial_of_service.html\n 4. http://www.ietf.org/html.charters/sip-charter.html\n 5. 
RFC3261 - SIP: Session Initiation Protocol\n 6. RFC2327 - SDP: Session Description Protocol\n 7. RFC2279 - UTF-8, a transformation format of ISO 10646\n 8. Session Initiation Protocol Basic Call Flow Examples \n 9. We would also like to acknowledge the\n \"RedSkins\" project of \"MediaTeam Oulu\" for their support of this\n research. \n _________________________________________________________________\n\n Feedback on this document can be directed to the authors, \n Jason A. Rafail and Ian A. Finlay. \n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2003-06.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. 
\n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2003 Carnegie Mellon University. \n\n Revision History\n Feb 21, 2003: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG\nIXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ\n17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O\nEisa8/wivlM=\n=p961\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1115"
},
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719",
"trust": 2.8
},
{
"db": "BID",
"id": "6904",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2003-1115",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "CA-2003-06",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "4442",
"trust": 0.6
},
{
"db": "XF",
"id": "11379",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200312-207",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "30838",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1115"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-207"
}
]
},
"id": "VAR-200312-0090",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.37675563
},
"last_update_date": "2023-12-18T12:13:49.106000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1115"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/"
},
{
"trust": 2.0,
"url": "http://www.cert.org/advisories/ca-2003-06.html"
},
{
"trust": 2.0,
"url": "http://www.kb.cert.org/vuls/id/528719"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/6904"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/html.charters/sip-charter.html"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/rfc/rfc3261.txt"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/ "
},
{
"trust": 0.8,
"url": "http://www.mediateam.oulu.fi/projects/redskins/?lang=en"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-sipping-torture-tests-07.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc3665.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2327.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2279.txt"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11379"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/4442"
},
{
"trust": 0.3,
"url": "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php"
},
{
"trust": 0.3,
"url": "http://www.fsf.org/software/osip/osip.html"
},
{
"trust": 0.3,
"url": "http://www.partysip.org/"
},
{
"trust": 0.3,
"url": "http://www.iptel.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=16123"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/denial_of_service.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.iptel.org/ser/security/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/\u003e"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1115"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-207"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1115"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-207"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-02-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2003-02-21T17:04:53",
"db": "PACKETSTORM",
"id": "30838"
},
{
"date": "2003-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-1115"
},
{
"date": "2003-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-207"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2017-07-11T01:29:45.307000",
"db": "NVD",
"id": "CVE-2003-1115"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-207"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-207"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "6904"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-207"
}
],
"trust": 0.9
}
}
VAR-200312-0209
Vulnerability from variot - Updated: 2023-12-18 12:13
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. In the SIP implementations provided by many vendors, the INVITE message used to establish a session is processed improperly, so a maliciously crafted INVITE request can put the service into a denial-of-service (DoS) condition. The SIP service may be disrupted (DoS), or arbitrary code may be executed with the privileges of the SIP service. These issues may be exploited to cause a denial of service in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. These issues are related to handling of SIP INVITE messages. Exploitation and the specific nature of each vulnerability may depend on the particular implementation.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
Original release date: February 21, 2003 Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file. Other systems making use of SIP may also be vulnerable but were not specifically tested. Not all SIP implementations are affected. See Vendor Information for details from vendors who have provided feedback for this advisory.
In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from VU#528719. These vulnerabilities may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior. If your site uses SIP-enabled products in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the Solution section below.
I. Description
SIP is a text-based protocol for initiating communication and data sessions between users.
The Oulu University Secure Programming Group (OUSPG) previously conducted research into vulnerabilities in LDAP, culminating in CERT Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03.
OUSPG's most recent research focused on a subset of SIP related to the INVITE message, which SIP agents and proxies are required to accept in order to set up sessions. Note that "throttling" is an expected behavior.
Specifications for the Session Initiation Protocol are available in RFC3261:
http://www.ietf.org/rfc/rfc3261.txt
OUSPG has established the following site with detailed documentation regarding SIP and the implementation test results from the test suite:
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
The IETF Charter page for SIP is available at
http://www.ietf.org/html.charters/sip-charter.html
II. Impact
Exploitation of these vulnerabilities may result in denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain unauthorized access to the affected device. Specific impacts will vary from product to product.
III. Solution
Many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this
advisory. Please consult this appendix and VU#528719 to determine
if your product is vulnerable. If a statement is unavailable, you
may need to contact your vendor directly.
Disable the SIP-enabled devices and services
As a general rule, the CERT/CC recommends disabling any service or
capability that is not explicitly required. Some of the affected
products may rely on SIP to be functional. You should carefully
consider the impact of blocking services that you may be using.
Ingress filtering
As a temporary measure, it may be possible to limit the scope of
these vulnerabilities by blocking access to SIP devices and
services at the network perimeter.
Ingress filtering manages the flow of traffic as it enters a
network under your administrative control. Servers are typically
the only machines that need to accept inbound traffic from the
public Internet. Note that most SIP User Agents (including IP
phones or "client" software) consist of a User Agent Client and a
User Agent Server. In the network usage policy of many sites, there
are few reasons for external hosts to initiate inbound traffic to
machines that provide no public services. Thus, ingress filtering
should be performed at the border to prohibit externally initiated
inbound traffic to non-authorized services.
Please note that this workaround may not protect vulnerable devices
from internal attacks.
Egress filtering
Egress filtering manages the flow of traffic as it leaves a network
under your administrative control. There is typically limited need
for machines providing public services to initiate outbound traffic
to the Internet. In the case of the SIP vulnerabilities, employing
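egress filtering on the SIP ports (the port list did not survive in this copy; SIP's registered defaults are 5060/udp, 5060/tcp and 5061/tcp for SIP over TLS) at your network border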
may prevent your network from being used as a source for attacks on
other sites.
Block SIP requests directed to broadcast addresses at your router.
Since SIP requests can be transmitted via UDP, broadcast attacks
are possible. One solution to prevent your site from being used as
an intermediary in an attack is to block SIP requests directed to
broadcast addresses at your router.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.
America Online Inc
Not vulnerable.
Apple Computer Inc.
There are currently no applications shipped by Apple with Mac OS X
or Mac OS X Server which make use of the Session Initiation
Protocol.
Borderware
No BorderWare products make use of SIP and thus no BorderWare
products are affected by this vulnerability.
We would however like to extend our thanks to the OUSPG for their
work as well as for the responsible manner in which they handle
their discoveries. Their detailed reports and test suites are
certainly well-received.
We would also like to reiterate the fact that SIP has yet to
mature, protocol-wise as well as implementation-wise. We do not
recommend that our customers set up SIP relays in parallel to our
firewall products to pass SIP-based applications in or out of
networks where security is a concern of note.
F5 Networks
F5 Networks does not have a SIP server product, and is therefore
not affected by this vulnerability.
Fujitsu
With regards to VU#528719, Fujitsu's UXP/V o.s. is not vulnerable
because the relevant function is not supported under UXP/V.
IBM
SIP is not implemented as part of the AIX operating system.
IP Filter
IPFilter does not do any SIP specific protocol handling and is
therefore not affected by the issues mentioned in the paper cited.
IPTel
All versions of SIP Express Router up to 0.8.9 are sadly vulnerable
to the OUSPG test suite. We strongly advise upgrading to version
0.8.10. Please also apply the patch to version 0.8.10 from
http://www.iptel.org/ser/security/
before installation and keep on watching this site in the future.
We apologize to our users for the trouble.
Hewlett-Packard Company
Source:
Hewlett-Packard Company
Software Security Response Team
cross reference id: SSRT2402
HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable
To report potential security vulnerabilities in HP software, send
an E-mail message to: mailto:security-alert@hp.com
Lucent
No Lucent products are known to be affected by this vulnerability,
however we are still researching the issue and will update this
statement as needed.
Microsoft Corporation
Microsoft has investigated these issues. The Microsoft SIP client
implementation is not affected.
NEC Corporation
===================================================================
NEC vendor statement for VU#528719
===================================================================
sent on February 13, 2002
Server Products
* EWS/UP 48 Series operating system
* - is NOT vulnerable, because it does not support SIP.
Router Products
* IX 1000 / 2000 / 5000 Series
* - is NOT vulnerable, because it does not support SIP.
Other Network products
* We continue to check our products which support SIP protocol.
===================================================================
NETBSD
NetBSD does not ship any implementation of SIP.
NETfilter.org
As the linux 2.4/2.5 netfilter implementation currently doesn't
support connection tracking or NAT for the SIP protocol suite, we
are not vulnerable to this bug.
NetScreen
NetScreen is not vulnerable to this issue.
Network Appliance
NetApp products are not affected by this vulnerability.
Nokia
Nokia IP Security Platforms based on IPSO, Nokia Small Office
Solution platforms, Nokia VPN products and Nokia Message Protector
platform do not initiate or terminate SIP based sessions. The
mentioned Nokia products are not susceptible to this vulnerability.
Nortel Networks
Nortel Networks is cooperating to the fullest extent with the CERT
Coordination Center. All Nortel Networks products that use Session
Initiation Protocol (SIP) have been tested and all generally
available products, with the following exceptions, have passed the
test suite:
Succession Communication Server 2000 and Succession Communication
Server 2000 - Compact are impacted by the test suite only in
configurations where SIP-T has been provisioned within the
Communication Server; a software patch is expected to be available
by the end of February.
For further information about Nortel Networks products please
contact Nortel Networks Global Network Support.
North America: 1-800-4-NORTEL, or (1-800-466-7835)
Europe, Middle East & Africa: 00800 8008 9009, or +44 (0) 870 907
9009
Contacts for other regions available at the Global Contact
<http://www.nortelnetworks.com/help/contact/global/> web page.
Novell
Novell has no products implementing SIP.
Secure Computing Corporation
Neither Sidewinder nor Gauntlet implements SIP, so we do not need
to be on the vendor list for this vulnerability.
SecureWorx
We hereby attest that SecureWorx Basilisk Gateway Security product
suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the
Session Initiation Protocol (SIP) Vulnerability VU#528719 as
described in the OUSPG announcement (OUSPG#0106) received on Fri, 8
Nov 2002 10:17:11 -0500.
Stonesoft
Stonesoft's StoneGate high availability firewall and VPN product
does not contain any code that handles SIP protocol. No versions of
StoneGate are vulnerable.
Symantec
Symantec Corporation products are not vulnerable to this issue.
Xerox
Xerox is aware of this vulnerability and is currently assessing all
products. This statement will be updated as new information becomes
available.
Appendix B. - References
1. http://www.ee.oulu.fi/research/ouspg/protos/
2. http://www.kb.cert.org/vuls/id/528719
3. http://www.cert.org/tech_tips/denial_of_service.html
4. http://www.ietf.org/html.charters/sip-charter.html
5. RFC3261 - SIP: Session Initiation Protocol
6. RFC2327 - SDP: Session Description Protocol
7. RFC2279 - UTF-8, a transformation format of ISO 10646
8. Session Initiation Protocol Basic Call Flow Examples
9. We would also like to acknowledge the
"RedSkins" project of "MediaTeam Oulu" for their support of this research.
Feedback on this document can be directed to the authors, Jason A. Rafail and Ian A. Finlay.
This document is available from: http://www.cert.org/advisories/CA-2003-06.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright 2003 Carnegie Mellon University.
Revision History Feb 21, 2003: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG IXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ 17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O Eisa8/wivlM= =p961 -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0209",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "omnipcx",
"scope": "eq",
"trust": 1.6,
"vendor": "alcatel lucent",
"version": "5.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "6.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cirpack",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "columbia sip user agent sipc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dynamicsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iptel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mediatrix telecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pingtel",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "ne",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.6"
},
{
"model": "ios 12.2 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(7)"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "appengine",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "ne",
"trust": 0.3,
"vendor": "columbia",
"version": "2.0"
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.9"
},
{
"model": "ios 12.2 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7940"
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3-1"
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(9)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "osip",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.5"
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.4"
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3.210)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "ios 12.2 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server compact",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000-"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.0"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1-1"
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "eq",
"trust": 0.3,
"vendor": "columbia",
"version": "1.74"
},
{
"model": "osip",
"scope": "ne",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1.200)"
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.5"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1"
},
{
"model": "c++ sip user agent",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "5.0"
},
{
"model": "sip express router",
"scope": "ne",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.10"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7960"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "6.0"
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(3)"
},
{
"model": "ios 12.2xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2-1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.8"
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000045"
},
{
"db": "NVD",
"id": "CVE-2003-1108"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-307"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:alcatel-lucent:omnipcx:5.0:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1108"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oulu University Secure Programming Group",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-307"
}
],
"trust": 0.6
},
"cve": "CVE-2003-1108",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2003-1108",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-1108",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#528719",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CNNVD",
"id": "CNNVD-200312-307",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000045"
},
{
"db": "NVD",
"id": "CVE-2003-1108"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-307"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. SIP service implementations provided by many vendors improperly process the INVITE message used when establishing a session, so a malicious INVITE request can be created and sent to cause a denial-of-service (DoS) condition. The SIP service may be put into a denial-of-service (DoS) state, or arbitrary code may be executed with the privileges of the SIP service. These issues may be exploited to cause a denial of service in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. \nThese issues are related to handling of SIP INVITE messages. \nExploitation and the specific nature of each vulnerability may depend on the particular implementation. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the\nSession Initiation Protocol (SIP)\n\n Original release date: February 21, 2003\n Last revised: --\n Source: CERT/CC\n\n A complete revision history can be found at the end of this file. \n Other systems making use of SIP may also be vulnerable but were not\n specifically tested. Not all SIP implementations are affected. See\n Vendor Information for details from vendors who have provided feedback\n for this advisory. 
\n\n In addition to the vendors who provided feedback for this advisory, a\n list of vendors whom CERT/CC contacted regarding these problems is\n available from VU#528719. These\n vulnerabilities may allow an attacker to gain unauthorized privileged\n access, cause denial-of-service attacks, or cause unstable system\n behavior. If your site uses SIP-enabled products in any capacity, the\n CERT/CC encourages you to read this advisory and follow the advice\n provided in the Solution section below. \n\nI. \n SIP is a text-based protocol for initiating communication and data\n sessions between users. \n\n The Oulu University Secure Programming Group (OUSPG) previously\n conducted research into vulnerabilities in LDAP, culminating in CERT\n Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03. \n\n OUSPG\u0027s most recent research focused on a subset of SIP related to the\n INVITE message, which SIP agents and proxies are required to accept in\n order to set up sessions. Note that \"throttling\" is an expected\n behavior. \n\n Specifications for the Session Initiation Protocol are available in\n RFC3261:\n\n http://www.ietf.org/rfc/rfc3261.txt\n\n OUSPG has established the following site with detailed documentation\n regarding SIP and the implementation test results from the test suite:\n\n http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/\n\n The IETF Charter page for SIP is available at\n\n http://www.ietf.org/html.charters/sip-charter.html\n\nII. Impact\n\n Exploitation of these vulnerabilities may result in denial-of-service\n conditions, service interruptions, and in some cases may allow an\n attacker to gain unauthorized access to the affected device. Specific\n impacts will vary from product to product. \n\nIII. Solution\n\n Many of the mitigation steps recommended below may have significant\n impact on your everyday network operations and/or network\n architecture. 
Ensure that any changes made based on the following\n recommendations will not unacceptably affect your ongoing network\n operations capability. \n\n Apply a patch from your vendor\n\n Appendix A contains information provided by vendors for this\n advisory. Please consult this appendix and VU#528719 to determine\n if your product is vulnerable. If a statement is unavailable, you\n may need to contact your vendor directly. \n\n Disable the SIP-enabled devices and services\n\n As a general rule, the CERT/CC recommends disabling any service or\n capability that is not explicitly required. Some of the affected\n products may rely on SIP to be functional. You should carefully\n consider the impact of blocking services that you may be using. \n\n Ingress filtering\n\n As a temporary measure, it may be possible to limit the scope of\n these vulnerabilities by blocking access to SIP devices and\n services at the network perimeter. \n\n Ingress filtering manages the flow of traffic as it enters a\n network under your administrative control. Servers are typically\n the only machines that need to accept inbound traffic from the\n public Internet. Note that most SIP User Agents (including IP\n phones or \"client\" software) consist of a User Agent Client and a\n User Agent Server. In the network usage policy of many sites, there\n are few reasons for external hosts to initiate inbound traffic to\n machines that provide no public services. Thus, ingress filtering\n should be performed at the border to prohibit externally initiated\n inbound traffic to non-authorized services. \n\n Please note that this workaround may not protect vulnerable devices\n from internal attacks. \n\n Egress filtering\n\n Egress filtering manages the flow of traffic as it leaves a network\n under your administrative control. There is typically limited need\n for machines providing public services to initiate outbound traffic\n to the Internet. 
In the case of the SIP vulnerabilities, employing\n egress filtering on the ports listed above at your network border\n may prevent your network from being used as a source for attacks on\n other sites. \n\n Block SIP requests directed to broadcast addresses at your router. \n\n Since SIP requests can be transmitted via UDP, broadcast attacks\n are possible. One solution to prevent your site from being used as\n an intermediary in an attack is to block SIP requests directed to\n broadcast addresses at your router. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. As vendors report new information to the CERT/CC, we will\n update this section and note the changes in our revision history. If a\n particular vendor is not listed below, we have not received their\n comments. \n\n America Online Inc\n\n Not vulnerable. \n\n Apple Computer Inc. \n\n There are currently no applications shipped by Apple with Mac OS X\n or Mac OS X Server which make use of the Session Initiation\n Protocol. \n\n Borderware\n\n No BorderWare products make use of SIP and thus no BorderWare\n products are affected by this vulnerability. \n We would however like to extend our thanks to the OUSPG for their\n work as well as for the responsible manner in which they handle\n their discoveries. Their detailed reports and test suites are\n certainly well-received. \n We would also like to reiterate the fact that SIP has yet to\n mature, protocol-wise as well as implementation-wise. We do not\n recommend that our customers set up SIP relays in parallel to our\n firewall products to pass SIP-based applications in or out of\n networks where security is a concern of note. \n\n F5 Networks\n\n F5 Networks does not have a SIP server product, and is therefore\n not affected by this vulnerability. \n\n Fujitsu\n\n With regards to VU#528719, Fujitsu\u0027s UXP/V o.s. 
is not vulnerable\n because the relevant function is not supported under UXP/V. \n\n IBM\n\n SIP is not implemented as part of the AIX operating system. \n\n IP Filter\n\n IPFilter does not do any SIP specific protocol handling and is\n therefore not affected by the issues mentioned in the paper cited. \n\n IPTel\n\n All versions of SIP Express Router up to 0.8.9 are sadly vulnerable\n to the OUSPG test suite. We strongly advice to upgrade to version\n 0.8.10. Please also apply the patch to version 0.8.10 from\n http://www.iptel.org/ser/security/\n before installation and keep on watching this site in the future. \n We apologize to our users for the trouble. \n\n Hewlett-Packard Company\n\n Source:\n Hewlett-Packard Company\n Software Security Response Team\n cross reference id: SSRT2402\n\n HP-UX - not vulnerable\n HP-MPE/ix - not vulnerable\n HP Tru64 UNIX - not vulnerable\n HP OpenVMS - not vulnerable\n HP NonStop Servers - not vulnerable\n\n To report potential security vulnerabilities in HP software, send\n an E-mail message to: mailto:security-alert@hp.com\n\n Lucent\n\n No Lucent products are known to be affected by this vulnerability,\n however we are still researching the issue and will update this\n statement as needed. \n\n Microsoft Corporation\n\n Microsoft has investigated these issues. The Microsoft SIP client\n implementation is not affected. \n\n NEC Corporation\n\n ===================================================================\n NEC vendor statement for VU#528719\n ===================================================================\n\n sent on February 13, 2002\n Server Products\n * EWS/UP 48 Series operating system\n * - is NOT vulnerable, because it does not support SIP. \n\n Router Products\n * IX 1000 / 2000 / 5000 Series\n * - is NOT vulnerable, because it does not support SIP. \n\n Other Network products\n * We continue to check our products which support SIP protocol. 
\n\n ===================================================================\n\n NETBSD\n\n NetBSD does not ship any implementation of SIP. \n\n NETfilter.org\n\n As the linux 2.4/2.5 netfilter implementation currently doesn\u0027t\n support connection tracking or NAT for the SIP protocol suite, we\n are not vulnerable to this bug. \n\n NetScreen\n\n NetScreen is not vulnerable to this issue. \n\n Network Appliance\n\n NetApp products are not affected by this vulnerability. \n\n Nokia\n\n Nokia IP Security Platforms based on IPSO, Nokis Small Office\n Solution platforms, Nokia VPN products and Nokia Message Protector\n platform do not initiate or terminate SIP based sessions. The\n mentioned Nokia products are not susceptible to this vulnerability\n\n Nortel Networks\n\n Nortel Networks is cooperating to the fullest extent with the CERT\n Coordination Center. All Nortel Networks products that use Session\n Initiation Protocol SIP) have been tested and all generally\n available products, with the following exceptions, have passed the\n test suite:\n\n Succession Communication Server 2000 and Succession Communication\n Server 2000 - Compact are impacted by the test suite only in\n configurations where SIP-T has been provisioned within the\n Communication Server; a software patch is expected to be available\n by the end of February. \n\n For further information about Nortel Networks products please\n contact Nortel Networks Global Network Support. \n\n North America: 1-800-4-NORTEL, or (1-800-466-7835)\n Europe, Middle East \u0026 Africa: 00800 8008 9009, or +44 (0) 870 907\n 9009\n\n Contacts for other regions available at the Global Contact\n \u003chttp://www.nortelnetworks.com/help/contact/global/\u003e web page. \n\n Novell\n\n Novell has no products implementing SIP. \n\n Secure Computing Corporation\n\n Neither Sidewinder nor Gauntlet implements SIP, so we do not need\n to be on the vendor list for this vulnerability. 
\n\n SecureWorx\n\n We hereby attest that SecureWorx Basilisk Gateway Security product\n suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the\n Session Initiation Protocol (SIP) Vulnerability VU#528719 as\n described in the OUSPG announcement (OUSPG#0106) received on Fri, 8\n Nov 2002 10:17:11 -0500. \n\n Stonesoft\n\n Stonesoft\u0027s StoneGate high availability firewall and VPN product\n does not contain any code that handles SIP protocol. No versions of\n StoneGate are vulnerable. \n\n Symantec\n\n Symantec Corporation products are not vulnerable to this issue. \n\n Xerox\n\n Xerox is aware of this vulnerability and is currently assessing all\n products. This statement will be updated as new information becomes\n available. \n\nAppendix B. - References\n\n 1. http://www.ee.oulu.fi/research/ouspg/protos/\n 2. http://www.kb.cert.org/vuls/id/528719\n 3. http://www.cert.org/tech_tips/denial_of_service.html\n 4. http://www.ietf.org/html.charters/sip-charter.html\n 5. RFC3261 - SIP: Session Initiation Protocol\n 6. RFC2327 - SDP: Session Description Protocol\n 7. RFC2279 - UTF-8, a transformation format of ISO 10646\n 8. Session Initiation Protocol Basic Call Flow Examples \n 9. We would also like to acknowledge the\n \"RedSkins\" project of \"MediaTeam Oulu\" for their support of this\n research. \n _________________________________________________________________\n\n Feedback on this document can be directed to the authors, \n Jason A. Rafail and Ian A. Finlay. \n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2003-06.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. 
\n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2003 Carnegie Mellon University. 
\n\n Revision History\n Feb 21, 2003: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG\nIXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ\n17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O\nEisa8/wivlM=\n=p961\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1108"
},
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000045"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719",
"trust": 3.6
},
{
"db": "BID",
"id": "6904",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2003-1108",
"trust": 2.4
},
{
"db": "SECTRACK",
"id": "1006144",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000045",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "CA-2003-06",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "4442",
"trust": 0.6
},
{
"db": "XF",
"id": "11379",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:5831",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200312-307",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "30838",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000045"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1108"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-307"
}
]
},
"id": "VAR-200312-0209",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.37675563
},
"last_update_date": "2023-12-18T12:13:49.070000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20030221-protos",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml"
},
{
"title": "2003-02-21-00",
"trust": 0.8,
"url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20030221-protos-j.shtml"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000045"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1108"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/"
},
{
"trust": 2.8,
"url": "http://www.cert.org/advisories/ca-2003-06.html"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/528719"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/6904"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5831"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/html.charters/sip-charter.html"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/rfc/rfc3261.txt"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/ "
},
{
"trust": 0.8,
"url": "http://www.mediateam.oulu.fi/projects/redskins/?lang=en"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-sipping-torture-tests-07.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc3665.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2327.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2279.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-1108"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2003/wr030801.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2003-06"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-1108"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2003/feb/1006144.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11379"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5831"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/4442"
},
{
"trust": 0.3,
"url": "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php"
},
{
"trust": 0.3,
"url": "http://www.fsf.org/software/osip/osip.html"
},
{
"trust": 0.3,
"url": "http://www.partysip.org/"
},
{
"trust": 0.3,
"url": "http://www.iptel.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=16123"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/denial_of_service.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.iptel.org/ser/security/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/\u003e"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000045"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1108"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-307"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000045"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1108"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-307"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-02-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000045"
},
{
"date": "2003-02-21T17:04:53",
"db": "PACKETSTORM",
"id": "30838"
},
{
"date": "2003-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-1108"
},
{
"date": "2003-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-307"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000045"
},
{
"date": "2017-10-11T01:29:18.823000",
"db": "NVD",
"id": "CVE-2003-1108"
},
{
"date": "2009-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-307"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-307"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "6904"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-307"
}
],
"trust": 0.9
}
}
VAR-200312-0085
Vulnerability from variot - Updated: 2023-12-18 12:13
The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of service in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. These issues are related to handling of SIP INVITE messages. Exploitation and the specific nature of each vulnerability may depend on the particular implementation.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
Original release date: February 21, 2003 Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file. Other systems making use of SIP may also be vulnerable but were not specifically tested. Not all SIP implementations are affected. See Vendor Information for details from vendors who have provided feedback for this advisory.
In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from VU#528719. These vulnerabilities may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior. If your site uses SIP-enabled products in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the Solution section below.
I. SIP is a text-based protocol for initiating communication and data sessions between users.
The Oulu University Secure Programming Group (OUSPG) previously conducted research into vulnerabilities in LDAP, culminating in CERT Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03.
OUSPG's most recent research focused on a subset of SIP related to the INVITE message, which SIP agents and proxies are required to accept in order to set up sessions. Note that "throttling" is an expected behavior.
II. Impact
Exploitation of these vulnerabilities may result in denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain unauthorized access to the affected device. Specific impacts will vary from product to product.
III. Solution
Many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this
advisory. Please consult this appendix and VU#528719 to determine
if your product is vulnerable. If a statement is unavailable, you
may need to contact your vendor directly.
Disable the SIP-enabled devices and services
As a general rule, the CERT/CC recommends disabling any service or
capability that is not explicitly required. Some of the affected
products may rely on SIP to be functional. You should carefully
consider the impact of blocking services that you may be using.
Ingress filtering
As a temporary measure, it may be possible to limit the scope of
these vulnerabilities by blocking access to SIP devices and
services at the network perimeter.
Ingress filtering manages the flow of traffic as it enters a
network under your administrative control. Servers are typically
the only machines that need to accept inbound traffic from the
public Internet. Note that most SIP User Agents (including IP
phones or "client" software) consist of a User Agent Client and a
User Agent Server. In the network usage policy of many sites, there
are few reasons for external hosts to initiate inbound traffic to
machines that provide no public services. Thus, ingress filtering
should be performed at the border to prohibit externally initiated
inbound traffic to non-authorized services.
Please note that this workaround may not protect vulnerable devices
from internal attacks.
Egress filtering
Egress filtering manages the flow of traffic as it leaves a network
under your administrative control. There is typically limited need
for machines providing public services to initiate outbound traffic
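to the Internet. In the case of the SIP vulnerabilities, employing
egress filtering on the ports listed above [the port list is not
reproduced in this copy; SIP's registered ports are 5060/udp,
5060/tcp and 5061/tcp] at your network border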
may prevent your network from being used as a source for attacks on
other sites.
Block SIP requests directed to broadcast addresses at your router.
Since SIP requests can be transmitted via UDP, broadcast attacks
are possible. One solution to prevent your site from being used as
an intermediary in an attack is to block SIP requests directed to
broadcast addresses at your router.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.
America Online Inc
Not vulnerable.
Apple Computer Inc.
There are currently no applications shipped by Apple with Mac OS X
or Mac OS X Server which make use of the Session Initiation
Protocol.
Borderware
No BorderWare products make use of SIP and thus no BorderWare
products are affected by this vulnerability.
We would however like to extend our thanks to the OUSPG for their
work as well as for the responsible manner in which they handle
their discoveries. Their detailed reports and test suites are
certainly well-received.
We would also like to reiterate the fact that SIP has yet to
mature, protocol-wise as well as implementation-wise. We do not
recommend that our customers set up SIP relays in parallel to our
firewall products to pass SIP-based applications in or out of
networks where security is a concern of note.
F5 Networks
F5 Networks does not have a SIP server product, and is therefore
not affected by this vulnerability.
Fujitsu
With regards to VU#528719, Fujitsu's UXP/V o.s. is not vulnerable
because the relevant function is not supported under UXP/V.
IBM
SIP is not implemented as part of the AIX operating system.
IP Filter
IPFilter does not do any SIP specific protocol handling and is
therefore not affected by the issues mentioned in the paper cited.
IPTel
All versions of SIP Express Router up to 0.8.9 are sadly vulnerable
to the OUSPG test suite. We strongly advise to upgrade to version
0.8.10. Please also apply the patch to version 0.8.10 from
http://www.iptel.org/ser/security/
before installation and keep on watching this site in the future.
We apologize to our users for the trouble.
Hewlett-Packard Company
Source:
Hewlett-Packard Company
Software Security Response Team
cross reference id: SSRT2402
HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable
To report potential security vulnerabilities in HP software, send
an E-mail message to: mailto:security-alert@hp.com
Lucent
No Lucent products are known to be affected by this vulnerability,
however we are still researching the issue and will update this
statement as needed.
Microsoft Corporation
Microsoft has investigated these issues. The Microsoft SIP client
implementation is not affected.
NEC Corporation
===================================================================
NEC vendor statement for VU#528719
===================================================================
sent on February 13, 2002
Server Products
* EWS/UP 48 Series operating system
* - is NOT vulnerable, because it does not support SIP.
Router Products
* IX 1000 / 2000 / 5000 Series
* - is NOT vulnerable, because it does not support SIP.
Other Network products
* We continue to check our products which support SIP protocol.
===================================================================
NETBSD
NetBSD does not ship any implementation of SIP.
NETfilter.org
As the linux 2.4/2.5 netfilter implementation currently doesn't
support connection tracking or NAT for the SIP protocol suite, we
are not vulnerable to this bug.
NetScreen
NetScreen is not vulnerable to this issue.
Network Appliance
NetApp products are not affected by this vulnerability.
Nokia
Nokia IP Security Platforms based on IPSO, Nokia Small Office
Solution platforms, Nokia VPN products and Nokia Message Protector
platform do not initiate or terminate SIP based sessions. The
mentioned Nokia products are not susceptible to this vulnerability.
Nortel Networks
Nortel Networks is cooperating to the fullest extent with the CERT
Coordination Center. All Nortel Networks products that use Session
Initiation Protocol (SIP) have been tested and all generally
available products, with the following exceptions, have passed the
test suite:
Succession Communication Server 2000 and Succession Communication
Server 2000 - Compact are impacted by the test suite only in
configurations where SIP-T has been provisioned within the
Communication Server; a software patch is expected to be available
by the end of February.
For further information about Nortel Networks products please
contact Nortel Networks Global Network Support.
North America: 1-800-4-NORTEL, or (1-800-466-7835)
Europe, Middle East & Africa: 00800 8008 9009, or +44 (0) 870 907
9009
Contacts for other regions available at the Global Contact
<http://www.nortelnetworks.com/help/contact/global/> web page.
Novell
Novell has no products implementing SIP.
Secure Computing Corporation
Neither Sidewinder nor Gauntlet implements SIP, so we do not need
to be on the vendor list for this vulnerability.
SecureWorx
We hereby attest that SecureWorx Basilisk Gateway Security product
suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the
Session Initiation Protocol (SIP) Vulnerability VU#528719 as
described in the OUSPG announcement (OUSPG#0106) received on Fri, 8
Nov 2002 10:17:11 -0500.
Stonesoft
Stonesoft's StoneGate high availability firewall and VPN product
does not contain any code that handles SIP protocol. No versions of
StoneGate are vulnerable.
Symantec
Symantec Corporation products are not vulnerable to this issue.
Xerox
Xerox is aware of this vulnerability and is currently assessing all
products. This statement will be updated as new information becomes
available.
Appendix B. - References
1. http://www.ee.oulu.fi/research/ouspg/protos/
2. http://www.kb.cert.org/vuls/id/528719
3. http://www.cert.org/tech_tips/denial_of_service.html
4. http://www.ietf.org/html.charters/sip-charter.html
5. RFC3261 - SIP: Session Initiation Protocol
6. RFC2327 - SDP: Session Description Protocol
7. RFC2279 - UTF-8, a transformation format of ISO 10646
8. Session Initiation Protocol Basic Call Flow Examples
9. We would also like to acknowledge the
"RedSkins" project of "MediaTeam Oulu" for their support of this research.
Feedback on this document can be directed to the authors, Jason A. Rafail and Ian A. Finlay.
This document is available from: http://www.cert.org/advisories/CA-2003-06.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright 2003 Carnegie Mellon University.
Revision History Feb 21, 2003: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG IXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ 17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O Eisa8/wivlM= =p961 -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0085",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sipc",
"scope": "eq",
"trust": 1.6,
"vendor": "columbia university",
"version": "1.74"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cirpack",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "columbia sip user agent sipc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dynamicsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iptel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mediatrix telecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pingtel",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "ne",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.6"
},
{
"model": "ios 12.2 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(7)"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "appengine",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "ne",
"trust": 0.3,
"vendor": "columbia",
"version": "2.0"
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.9"
},
{
"model": "ios 12.2 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7940"
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3-1"
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(9)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "osip",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.5"
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.4"
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3.210)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "ios 12.2 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server compact",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000-"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.0"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1-1"
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ios 12.2xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "eq",
"trust": 0.3,
"vendor": "columbia",
"version": "1.74"
},
{
"model": "osip",
"scope": "ne",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1.200)"
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.5"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1"
},
{
"model": "c++ sip user agent",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "5.0"
},
{
"model": "sip express router",
"scope": "ne",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.10"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7960"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "6.0"
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(3)"
},
{
"model": "ios 12.2xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2-1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.8"
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "NVD",
"id": "CVE-2003-1110"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-398"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:columbia_university:sipc:1.74:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1110"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oulu University Secure Programming Group",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-398"
}
],
"trust": 0.6
},
"cve": "CVE-2003-1110",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-1110",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#528719",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CNNVD",
"id": "CNNVD-200312-398",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "NVD",
"id": "CVE-2003-1110"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-398"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabiltites affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of services in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. \nThese issues are related to handling of SIP INVITE messages. \nExploitation and the specific nature of each vulnerability may depend on the particular implementation. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the\nSession Initiation Protocol (SIP)\n\n Original release date: February 21, 2003\n Last revised: --\n Source: CERT/CC\n\n A complete revision history can be found at the end of this file. \n Other systems making use of SIP may also be vulnerable but were not\n specifically tested. Not all SIP implementations are affected. See\n Vendor Information for details from vendors who have provided feedback\n for this advisory. \n\n In addition to the vendors who provided feedback for this advisory, a\n list of vendors whom CERT/CC contacted regarding these problems is\n available from VU#528719. These\n vulnerabilities may allow an attacker to gain unauthorized privileged\n access, cause denial-of-service attacks, or cause unstable system\n behavior. 
If your site uses SIP-enabled products in any capacity, the\n CERT/CC encourages you to read this advisory and follow the advice\n provided in the Solution section below. \n\nI. \n SIP is a text-based protocol for initiating communication and data\n sessions between users. \n\n The Oulu University Secure Programming Group (OUSPG) previously\n conducted research into vulnerabilities in LDAP, culminating in CERT\n Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03. \n\n OUSPG\u0027s most recent research focused on a subset of SIP related to the\n INVITE message, which SIP agents and proxies are required to accept in\n order to set up sessions. Note that \"throttling\" is an expected\n behavior. Impact\n\n Exploitation of these vulnerabilities may result in denial-of-service\n conditions, service interruptions, and in some cases may allow an\n attacker to gain unauthorized access to the affected device. Specific\n impacts will vary from product to product. \n\nIII. Solution\n\n Many of the mitigation steps recommended below may have significant\n impact on your everyday network operations and/or network\n architecture. Ensure that any changes made based on the following\n recommendations will not unacceptably affect your ongoing network\n operations capability. \n\n Apply a patch from your vendor\n\n Appendix A contains information provided by vendors for this\n advisory. Please consult this appendix and VU#528719 to determine\n if your product is vulnerable. If a statement is unavailable, you\n may need to contact your vendor directly. \n\n Disable the SIP-enabled devices and services\n\n As a general rule, the CERT/CC recommends disabling any service or\n capability that is not explicitly required. Some of the affected\n products may rely on SIP to be functional. You should carefully\n consider the impact of blocking services that you may be using. 
\n\n Ingress filtering\n\n As a temporary measure, it may be possible to limit the scope of\n these vulnerabilities by blocking access to SIP devices and\n services at the network perimeter. \n\n Ingress filtering manages the flow of traffic as it enters a\n network under your administrative control. Servers are typically\n the only machines that need to accept inbound traffic from the\n public Internet. Note that most SIP User Agents (including IP\n phones or \"clien\"t software) consist of a User Agent Client and a\n User Agent Server. In the network usage policy of many sites, there\n are few reasons for external hosts to initiate inbound traffic to\n machines that provide no public services. Thus, ingress filtering\n should be performed at the border to prohibit externally initiated\n inbound traffic to non-authorized services. \n\n Please note that this workaround may not protect vulnerable devices\n from internal attacks. \n\n Egress filtering\n\n Egress filtering manages the flow of traffic as it leaves a network\n under your administrative control. There is typically limited need\n for machines providing public services to initiate outbound traffic\n to the Internet. In the case of the SIP vulnerabilities, employing\n egress filtering on the ports listed above at your network border\n may prevent your network from being used as a source for attacks on\n other sites. \n\n Block SIP requests directed to broadcast addresses at your router. \n\n Since SIP requests can be transmitted via UDP, broadcast attacks\n are possible. One solution to prevent your site from being used as\n an intermediary in an attack is to block SIP requests directed to\n broadcast addresses at your router. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. As vendors report new information to the CERT/CC, we will\n update this section and note the changes in our revision history. 
If a\n particular vendor is not listed below, we have not received their\n comments. \n\n America Online Inc\n\n Not vulnerable. \n\n Apple Computer Inc. \n\n There are currently no applications shipped by Apple with Mac OS X\n or Mac OS X Server which make use of the Session Initiation\n Protocol. \n\n Borderware\n\n No BorderWare products make use of SIP and thus no BorderWare\n products are affected by this vulnerability. \n We would however like to extend our thanks to the OUSPG for their\n work as well as for the responsible manner in which they handle\n their discoveries. Their detailed reports and test suites are\n certainly well-received. \n We would also like to reiterate the fact that SIP has yet to\n mature, protocol-wise as well as implementation-wise. We do not\n recommend that our customers set up SIP relays in parallel to our\n firewall products to pass SIP-based applications in or out of\n networks where security is a concern of note. \n\n F5 Networks\n\n F5 Networks does not have a SIP server product, and is therefore\n not affected by this vulnerability. \n\n Fujitsu\n\n With regards to VU#528719, Fujitsu\u0027s UXP/V o.s. is not vulnerable\n because the relevant function is not supported under UXP/V. \n\n IBM\n\n SIP is not implemented as part of the AIX operating system. \n\n IP Filter\n\n IPFilter does not do any SIP specific protocol handling and is\n therefore not affected by the issues mentioned in the paper cited. \n\n IPTel\n\n All versions of SIP Express Router up to 0.8.9 are sadly vulnerable\n to the OUSPG test suite. We strongly advice to upgrade to version\n 0.8.10. Please also apply the patch to version 0.8.10 from\n http://www.iptel.org/ser/security/\n before installation and keep on watching this site in the future. \n We apologize to our users for the trouble. 
\n\n Hewlett-Packard Company\n\n Source:\n Hewlett-Packard Company\n Software Security Response Team\n cross reference id: SSRT2402\n\n HP-UX - not vulnerable\n HP-MPE/ix - not vulnerable\n HP Tru64 UNIX - not vulnerable\n HP OpenVMS - not vulnerable\n HP NonStop Servers - not vulnerable\n\n To report potential security vulnerabilities in HP software, send\n an E-mail message to: mailto:security-alert@hp.com\n\n Lucent\n\n No Lucent products are known to be affected by this vulnerability,\n however we are still researching the issue and will update this\n statement as needed. \n\n Microsoft Corporation\n\n Microsoft has investigated these issues. The Microsoft SIP client\n implementation is not affected. \n\n NEC Corporation\n\n ===================================================================\n NEC vendor statement for VU#528719\n ===================================================================\n\n sent on February 13, 2002\n Server Products\n * EWS/UP 48 Series operating system\n * - is NOT vulnerable, because it does not support SIP. \n\n Router Products\n * IX 1000 / 2000 / 5000 Series\n * - is NOT vulnerable, because it does not support SIP. \n\n Other Network products\n * We continue to check our products which support SIP protocol. \n\n ===================================================================\n\n NETBSD\n\n NetBSD does not ship any implementation of SIP. \n\n NETfilter.org\n\n As the linux 2.4/2.5 netfilter implementation currently doesn\u0027t\n support connection tracking or NAT for the SIP protocol suite, we\n are not vulnerable to this bug. \n\n NetScreen\n\n NetScreen is not vulnerable to this issue. \n\n Network Appliance\n\n NetApp products are not affected by this vulnerability. \n\n Nokia\n\n Nokia IP Security Platforms based on IPSO, Nokis Small Office\n Solution platforms, Nokia VPN products and Nokia Message Protector\n platform do not initiate or terminate SIP based sessions. 
The\n mentioned Nokia products are not susceptible to this vulnerability\n\n Nortel Networks\n\n Nortel Networks is cooperating to the fullest extent with the CERT\n Coordination Center. All Nortel Networks products that use Session\n Initiation Protocol SIP) have been tested and all generally\n available products, with the following exceptions, have passed the\n test suite:\n\n Succession Communication Server 2000 and Succession Communication\n Server 2000 - Compact are impacted by the test suite only in\n configurations where SIP-T has been provisioned within the\n Communication Server; a software patch is expected to be available\n by the end of February. \n\n For further information about Nortel Networks products please\n contact Nortel Networks Global Network Support. \n\n North America: 1-800-4-NORTEL, or (1-800-466-7835)\n Europe, Middle East \u0026 Africa: 00800 8008 9009, or +44 (0) 870 907\n 9009\n\n Contacts for other regions available at the Global Contact\n \u003chttp://www.nortelnetworks.com/help/contact/global/\u003e web page. \n\n Novell\n\n Novell has no products implementing SIP. \n\n Secure Computing Corporation\n\n Neither Sidewinder nor Gauntlet implements SIP, so we do not need\n to be on the vendor list for this vulnerability. \n\n SecureWorx\n\n We hereby attest that SecureWorx Basilisk Gateway Security product\n suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the\n Session Initiation Protocol (SIP) Vulnerability VU#528719 as\n described in the OUSPG announcement (OUSPG#0106) received on Fri, 8\n Nov 2002 10:17:11 -0500. \n\n Stonesoft\n\n Stonesoft\u0027s StoneGate high availability firewall and VPN product\n does not contain any code that handles SIP protocol. No versions of\n StoneGate are vulnerable. \n\n Symantec\n\n Symantec Corporation products are not vulnerable to this issue. \n\n Xerox\n\n Xerox is aware of this vulnerability and is currently assessing all\n products. 
This statement will be updated as new information becomes\n available. \n\nAppendix B. - References\n\n 1. http://www.ee.oulu.fi/research/ouspg/protos/\n 2. http://www.kb.cert.org/vuls/id/528719\n 3. http://www.cert.org/tech_tips/denial_of_service.html\n 4. http://www.ietf.org/html.charters/sip-charter.html\n 5. RFC3261 - SIP: Session Initiation Protocol\n 6. RFC2327 - SDP: Session Description Protocol\n 7. RFC2279 - UTF-8, a transformation format of ISO 10646\n 8. Session Initiation Protocol Basic Call Flow Examples \n 9. We would also like to acknowledge the\n \"RedSkins\" project of \"MediaTeam Oulu\" for their support of this\n research. \n _________________________________________________________________\n\n Feedback on this document can be directed to the authors, \n Jason A. Rafail and Ian A. Finlay. \n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2003-06.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. 
\n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2003 Carnegie Mellon University. \n\n Revision History\n Feb 21, 2003: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG\nIXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ\n17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O\nEisa8/wivlM=\n=p961\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1110"
},
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719",
"trust": 2.8
},
{
"db": "BID",
"id": "6904",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1006167",
"trust": 1.6
},
{
"db": "NVD",
"id": "CVE-2003-1110",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "CA-2003-06",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "4442",
"trust": 0.6
},
{
"db": "XF",
"id": "11379",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200312-398",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "30838",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1110"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-398"
}
]
},
"id": "VAR-200312-0085",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.37675563
},
"last_update_date": "2023-12-18T12:13:49.040000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1110"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/"
},
{
"trust": 2.0,
"url": "http://www.cert.org/advisories/ca-2003-06.html"
},
{
"trust": 2.0,
"url": "http://www.kb.cert.org/vuls/id/528719"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1006167"
},
{
"trust": 1.6,
"url": "http://www.cs.columbia.edu/~xiaotaow/sipc/ouspg.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/6904"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/html.charters/sip-charter.html"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/rfc/rfc3261.txt"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/ "
},
{
"trust": 0.8,
"url": "http://www.mediateam.oulu.fi/projects/redskins/?lang=en"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-sipping-torture-tests-07.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc3665.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2327.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2279.txt"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11379"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/4442"
},
{
"trust": 0.3,
"url": "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php"
},
{
"trust": 0.3,
"url": "http://www.fsf.org/software/osip/osip.html"
},
{
"trust": 0.3,
"url": "http://www.partysip.org/"
},
{
"trust": 0.3,
"url": "http://www.iptel.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=16123"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/denial_of_service.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.iptel.org/ser/security/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/\u003e"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1110"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-398"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1110"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-398"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-02-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2003-02-21T17:04:53",
"db": "PACKETSTORM",
"id": "30838"
},
{
"date": "2003-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-1110"
},
{
"date": "2003-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-398"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2017-07-11T01:29:45.040000",
"db": "NVD",
"id": "CVE-2003-1110"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-398"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-398"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "6904"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-398"
}
],
"trust": 0.9
}
}
VAR-200312-0084
Vulnerability from variot - Updated: 2023-12-18 12:13
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of service in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. These issues are related to handling of SIP INVITE messages. Exploitation and the specific nature of each vulnerability may depend on the particular implementation. SIP is part of the IETF standards process, and it builds on foundations such as SMTP (Simple Mail Transfer Protocol) and HTTP (Hypertext Transfer Protocol). It is used to establish, change and terminate calls between users based on IP networks. These vulnerabilities include buffer overflow and improper handling of request messages containing illegal headers, which can cause buffer overflow on devices running this protocol, resulting in denial of service, and may also cause unauthorized access or remote execution of arbitrary commands. Cisco IP Telephony Modules 7940 and 7960 have these vulnerabilities, which can cause denial of service, and are documented in Cisco Bug IDs CSCdz26317, CSCdz29003, CSCdz29033, and CSCdz29041.
Devices running the Cisco IOS 12.2T train or any 12.2 "X" train will reset because SIP messages containing illegal headers are handled incorrectly. These vulnerabilities are documented in Cisco Bug IDs CSCdz39284 and CSCdz41124. A device that runs an affected IOS version and is configured as a SIP gateway is exposed to the issue tracked as CSCdz39284. However, any affected IOS version configured for NAT is exposed to the issue tracked as CSCdz41124 when SIP is carried over UDP. The Cisco PIX firewall resets when it receives a fragmented SIP INVITE message. Because the current SIP patch does not support fragmented SIP messages, the vulnerability described by Cisco Bug ID CSCdx47789 is temporarily patched by dropping SIP fragments.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
Original release date: February 21, 2003 Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file. Other systems making use of SIP may also be vulnerable but were not specifically tested. Not all SIP implementations are affected. See Vendor Information for details from vendors who have provided feedback for this advisory.
In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from VU#528719. These vulnerabilities may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior. If your site uses SIP-enabled products in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the Solution section below.
I. SIP is a text-based protocol for initiating communication and data sessions between users.
The Oulu University Secure Programming Group (OUSPG) previously conducted research into vulnerabilities in LDAP, culminating in CERT Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03.
OUSPG's most recent research focused on a subset of SIP related to the INVITE message, which SIP agents and proxies are required to accept in order to set up sessions. Note that "throttling" is an expected behavior.
Specifications for the Session Initiation Protocol are available in RFC3261:
http://www.ietf.org/rfc/rfc3261.txt
OUSPG has established the following site with detailed documentation regarding SIP and the implementation test results from the test suite:
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
The IETF Charter page for SIP is available at
http://www.ietf.org/html.charters/sip-charter.html
II. Impact
Exploitation of these vulnerabilities may result in denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain unauthorized access to the affected device. Specific impacts will vary from product to product.
III. Solution
Many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this
advisory. Please consult this appendix and VU#528719 to determine
if your product is vulnerable. If a statement is unavailable, you
may need to contact your vendor directly.
Disable the SIP-enabled devices and services
As a general rule, the CERT/CC recommends disabling any service or
capability that is not explicitly required. Some of the affected
products may rely on SIP to be functional. You should carefully
consider the impact of blocking services that you may be using.
Ingress filtering
As a temporary measure, it may be possible to limit the scope of
these vulnerabilities by blocking access to SIP devices and
services at the network perimeter.
Ingress filtering manages the flow of traffic as it enters a
network under your administrative control. Servers are typically
the only machines that need to accept inbound traffic from the
public Internet. Note that most SIP User Agents (including IP
phones or "client" software) consist of a User Agent Client and a
User Agent Server. In the network usage policy of many sites, there
are few reasons for external hosts to initiate inbound traffic to
machines that provide no public services. Thus, ingress filtering
should be performed at the border to prohibit externally initiated
inbound traffic to non-authorized services.
Please note that this workaround may not protect vulnerable devices
from internal attacks.
Egress filtering
Egress filtering manages the flow of traffic as it leaves a network
under your administrative control. There is typically limited need
for machines providing public services to initiate outbound traffic
to the Internet. In the case of the SIP vulnerabilities, employing
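egress filtering on the ports listed above [the port list is not
reproduced in this copy; SIP's registered ports are 5060 (TCP and
UDP) and 5061 for SIP over TLS] at your network border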
may prevent your network from being used as a source for attacks on
other sites.
Block SIP requests directed to broadcast addresses at your router.
Since SIP requests can be transmitted via UDP, broadcast attacks
are possible. One solution to prevent your site from being used as
an intermediary in an attack is to block SIP requests directed to
broadcast addresses at your router.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.
America Online Inc
Not vulnerable.
Apple Computer Inc.
There are currently no applications shipped by Apple with Mac OS X
or Mac OS X Server which make use of the Session Initiation
Protocol.
Borderware
No BorderWare products make use of SIP and thus no BorderWare
products are affected by this vulnerability.
We would however like to extend our thanks to the OUSPG for their
work as well as for the responsible manner in which they handle
their discoveries. Their detailed reports and test suites are
certainly well-received.
We would also like to reiterate the fact that SIP has yet to
mature, protocol-wise as well as implementation-wise. We do not
recommend that our customers set up SIP relays in parallel to our
firewall products to pass SIP-based applications in or out of
networks where security is a concern of note.
F5 Networks
F5 Networks does not have a SIP server product, and is therefore
not affected by this vulnerability.
Fujitsu
With regards to VU#528719, Fujitsu's UXP/V o.s. is not vulnerable
because the relevant function is not supported under UXP/V.
IBM
SIP is not implemented as part of the AIX operating system.
IP Filter
IPFilter does not do any SIP specific protocol handling and is
therefore not affected by the issues mentioned in the paper cited.
IPTel
All versions of SIP Express Router up to 0.8.9 are sadly vulnerable
to the OUSPG test suite. We strongly advise upgrading to version
0.8.10. Please also apply the patch to version 0.8.10 from
http://www.iptel.org/ser/security/
before installation and keep on watching this site in the future.
We apologize to our users for the trouble.
Hewlett-Packard Company
Source:
Hewlett-Packard Company
Software Security Response Team
cross reference id: SSRT2402
HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable
To report potential security vulnerabilities in HP software, send
an E-mail message to: mailto:security-alert@hp.com
Lucent
No Lucent products are known to be affected by this vulnerability,
however we are still researching the issue and will update this
statement as needed.
Microsoft Corporation
Microsoft has investigated these issues. The Microsoft SIP client
implementation is not affected.
NEC Corporation
===================================================================
NEC vendor statement for VU#528719
===================================================================
sent on February 13, 2002
Server Products
* EWS/UP 48 Series operating system
* - is NOT vulnerable, because it does not support SIP.
Router Products
* IX 1000 / 2000 / 5000 Series
* - is NOT vulnerable, because it does not support SIP.
Other Network products
* We continue to check our products which support SIP protocol.
===================================================================
NETBSD
NetBSD does not ship any implementation of SIP.
NETfilter.org
As the linux 2.4/2.5 netfilter implementation currently doesn't
support connection tracking or NAT for the SIP protocol suite, we
are not vulnerable to this bug.
NetScreen
NetScreen is not vulnerable to this issue.
Network Appliance
NetApp products are not affected by this vulnerability.
Nokia
Nokia IP Security Platforms based on IPSO, Nokia Small Office
Solution platforms, Nokia VPN products and Nokia Message Protector
platform do not initiate or terminate SIP based sessions. The
mentioned Nokia products are not susceptible to this vulnerability
Nortel Networks
Nortel Networks is cooperating to the fullest extent with the CERT
Coordination Center. All Nortel Networks products that use Session
Initiation Protocol (SIP) have been tested and all generally
available products, with the following exceptions, have passed the
test suite:
Succession Communication Server 2000 and Succession Communication
Server 2000 - Compact are impacted by the test suite only in
configurations where SIP-T has been provisioned within the
Communication Server; a software patch is expected to be available
by the end of February.
For further information about Nortel Networks products please
contact Nortel Networks Global Network Support.
North America: 1-800-4-NORTEL, or (1-800-466-7835)
Europe, Middle East & Africa: 00800 8008 9009, or +44 (0) 870 907
9009
Contacts for other regions available at the Global Contact
<http://www.nortelnetworks.com/help/contact/global/> web page.
Novell
Novell has no products implementing SIP.
Secure Computing Corporation
Neither Sidewinder nor Gauntlet implements SIP, so we do not need
to be on the vendor list for this vulnerability.
SecureWorx
We hereby attest that SecureWorx Basilisk Gateway Security product
suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the
Session Initiation Protocol (SIP) Vulnerability VU#528719 as
described in the OUSPG announcement (OUSPG#0106) received on Fri, 8
Nov 2002 10:17:11 -0500.
Stonesoft
Stonesoft's StoneGate high availability firewall and VPN product
does not contain any code that handles SIP protocol. No versions of
StoneGate are vulnerable.
Symantec
Symantec Corporation products are not vulnerable to this issue.
Xerox
Xerox is aware of this vulnerability and is currently assessing all
products. This statement will be updated as new information becomes
available.
Appendix B. - References
1. http://www.ee.oulu.fi/research/ouspg/protos/
2. http://www.kb.cert.org/vuls/id/528719
3. http://www.cert.org/tech_tips/denial_of_service.html
4. http://www.ietf.org/html.charters/sip-charter.html
5. RFC3261 - SIP: Session Initiation Protocol
6. RFC2327 - SDP: Session Description Protocol
7. RFC2279 - UTF-8, a transformation format of ISO 10646
8. Session Initiation Protocol Basic Call Flow Examples
9. We would also like to acknowledge the
"RedSkins" project of "MediaTeam Oulu" for their support of this research.
Feedback on this document can be directed to the authors, Jason A. Rafail and Ian A. Finlay.
This document is available from: http://www.cert.org/advisories/CA-2003-06.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright 2003 Carnegie Mellon University.
Revision History Feb 21, 2003: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG IXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ 17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O Eisa8/wivlM= =p961 -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0084",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2xh"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2xg"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2xf"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2\\(1\\)xd3"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2\\(1\\)xd"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2\\(1\\)xd1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2xe"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2\\(1\\)xa"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2xd"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2\\(1\\)xd4"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(1\\)xs1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xf"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(1\\)xq"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2\\(6\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xu"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xj"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xt"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2\\(1\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xt3"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2\\(5\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xb4"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(2\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xa5"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)t4"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(11\\)t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xk"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xs"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3\\(1\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xi1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xm"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(1\\)xe3"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xa"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(1\\)xe2"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(1\\)xs"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xn"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xw"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xu2"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xk"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xh2"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xq"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2\\(2\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xb"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xt"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xr"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2\\(3.210\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xh3"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xc"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xb3"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xl"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xi"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xh"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xj"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xi"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xi2"
},
{
"model": "ip phone 7940",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xj1"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(1\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xk2"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3\\(3\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(1\\)xh"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xa"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3\\(1.200\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(2\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3\\(2\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(1\\)xe"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(1\\)"
},
{
"model": "ip phone 7960",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2xn"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xa1"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2\\(7\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xg"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(2\\)xb"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cirpack",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "columbia sip user agent sipc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dynamicsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iptel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mediatrix telecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pingtel",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "ne",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.6"
},
{
"model": "ios 12.2 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(7)"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "appengine",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "ne",
"trust": 0.3,
"vendor": "columbia",
"version": "2.0"
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.9"
},
{
"model": "ios 12.2 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7940"
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3-1"
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(9)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "osip",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.5"
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.4"
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3.210)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "ios 12.2 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server compact",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000-"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.0"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1-1"
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ios 12.2xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "eq",
"trust": 0.3,
"vendor": "columbia",
"version": "1.74"
},
{
"model": "osip",
"scope": "ne",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1.200)"
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.5"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1"
},
{
"model": "c++ sip user agent",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "5.0"
},
{
"model": "sip express router",
"scope": "ne",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.10"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7960"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "6.0"
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(3)"
},
{
"model": "ios 12.2xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2-1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.8"
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "NVD",
"id": "CVE-2003-1109"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-224"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xs:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xs1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xb3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xb4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xi1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xi2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xu:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xu2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xf:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xg:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xn:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xa:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xe3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xh:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xa5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xb:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xh3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xi:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xn:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xt:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xt3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xd:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xe:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xl:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xe:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xe2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xa:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xa1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xh:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xh2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xk2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xb:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xc:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xj:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xt:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xw:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(11\\)t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)t4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xf:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xg:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xj:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xj1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xa:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xh:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xi:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xr:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xs:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1.200\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_7940:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_7960:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(6\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(7\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(3.210\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(5\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1109"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oulu University Secure Programming Group",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-224"
}
],
"trust": 0.6
},
"cve": "CVE-2003-1109",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-7934",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-1109",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#528719",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CNNVD",
"id": "CNNVD-200312-224",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7934",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7934"
},
{
"db": "NVD",
"id": "CVE-2003-1109"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-224"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of service in devices that implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. \nThese issues are related to handling of SIP INVITE messages. \nExploitation and the specific nature of each vulnerability may depend on the particular implementation. SIP is part of the IETF standards process, and it builds on foundations such as SMTP (Simple Mail Transfer Protocol) and HTTP (Hypertext Transfer Protocol). It is used to establish, change and terminate calls between users based on IP networks. These vulnerabilities include buffer overflow and improper handling of request messages containing illegal headers, which can cause buffer overflow on devices running this protocol, resulting in denial of service, and may also cause unauthorized access or remote execution of arbitrary commands. Cisco IP Telephony Modules 7940 and 7960 have these vulnerabilities, which can cause denial of service, and are documented in Cisco Bug IDs CSCdz26317, CSCdz29003, CSCdz29033, and CSCdz29041. 
Versions running Cisco IOS 12.2T train or any 12.2 \u0027X\u0027 train will reset due to incorrect handling of SIP protocols containing illegal headers. These vulnerabilities are documented in Cisco Bug IDs CSCdz39284 and CSCdz41124. Devices running an IOS version with this vulnerability and configured as a SIP gateway will cause the vulnerability generated by CSCdz39284. However, any version of IOS running with this vulnerability and configured in NAT mode will cause the vulnerability described by CSCdz41124 when SIP uses UDP for transmission. The Cisco PIX firewall resets when it receives a fragmented SIP INVITE message. Since the current SIP patch does not support fragmented SIP messages, the vulnerability described by Cisco Bug ID CSCdx47789 is temporarily patched by dropping SIP fragments. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the\nSession Initiation Protocol (SIP)\n\n Original release date: February 21, 2003\n Last revised: --\n Source: CERT/CC\n\n A complete revision history can be found at the end of this file. \n Other systems making use of SIP may also be vulnerable but were not\n specifically tested. Not all SIP implementations are affected. See\n Vendor Information for details from vendors who have provided feedback\n for this advisory. \n\n In addition to the vendors who provided feedback for this advisory, a\n list of vendors whom CERT/CC contacted regarding these problems is\n available from VU#528719. These\n vulnerabilities may allow an attacker to gain unauthorized privileged\n access, cause denial-of-service attacks, or cause unstable system\n behavior. If your site uses SIP-enabled products in any capacity, the\n CERT/CC encourages you to read this advisory and follow the advice\n provided in the Solution section below. \n\nI. \n SIP is a text-based protocol for initiating communication and data\n sessions between users. 
\n\n The Oulu University Secure Programming Group (OUSPG) previously\n conducted research into vulnerabilities in LDAP, culminating in CERT\n Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03. \n\n OUSPG\u0027s most recent research focused on a subset of SIP related to the\n INVITE message, which SIP agents and proxies are required to accept in\n order to set up sessions. Note that \"throttling\" is an expected\n behavior. \n\n Specifications for the Session Initiation Protocol are available in\n RFC3261:\n\n http://www.ietf.org/rfc/rfc3261.txt\n\n OUSPG has established the following site with detailed documentation\n regarding SIP and the implementation test results from the test suite:\n\n http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/\n\n The IETF Charter page for SIP is available at\n\n http://www.ietf.org/html.charters/sip-charter.html\n\nII. Impact\n\n Exploitation of these vulnerabilities may result in denial-of-service\n conditions, service interruptions, and in some cases may allow an\n attacker to gain unauthorized access to the affected device. Specific\n impacts will vary from product to product. \n\nIII. Solution\n\n Many of the mitigation steps recommended below may have significant\n impact on your everyday network operations and/or network\n architecture. Ensure that any changes made based on the following\n recommendations will not unacceptably affect your ongoing network\n operations capability. \n\n Apply a patch from your vendor\n\n Appendix A contains information provided by vendors for this\n advisory. Please consult this appendix and VU#528719 to determine\n if your product is vulnerable. If a statement is unavailable, you\n may need to contact your vendor directly. \n\n Disable the SIP-enabled devices and services\n\n As a general rule, the CERT/CC recommends disabling any service or\n capability that is not explicitly required. Some of the affected\n products may rely on SIP to be functional. 
You should carefully\n consider the impact of blocking services that you may be using. \n\n Ingress filtering\n\n As a temporary measure, it may be possible to limit the scope of\n these vulnerabilities by blocking access to SIP devices and\n services at the network perimeter. \n\n Ingress filtering manages the flow of traffic as it enters a\n network under your administrative control. Servers are typically\n the only machines that need to accept inbound traffic from the\n public Internet. Note that most SIP User Agents (including IP\n phones or \"clien\"t software) consist of a User Agent Client and a\n User Agent Server. In the network usage policy of many sites, there\n are few reasons for external hosts to initiate inbound traffic to\n machines that provide no public services. Thus, ingress filtering\n should be performed at the border to prohibit externally initiated\n inbound traffic to non-authorized services. \n\n Please note that this workaround may not protect vulnerable devices\n from internal attacks. \n\n Egress filtering\n\n Egress filtering manages the flow of traffic as it leaves a network\n under your administrative control. There is typically limited need\n for machines providing public services to initiate outbound traffic\n to the Internet. In the case of the SIP vulnerabilities, employing\n egress filtering on the ports listed above at your network border\n may prevent your network from being used as a source for attacks on\n other sites. \n\n Block SIP requests directed to broadcast addresses at your router. \n\n Since SIP requests can be transmitted via UDP, broadcast attacks\n are possible. One solution to prevent your site from being used as\n an intermediary in an attack is to block SIP requests directed to\n broadcast addresses at your router. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. 
As vendors report new information to the CERT/CC, we will\n update this section and note the changes in our revision history. If a\n particular vendor is not listed below, we have not received their\n comments. \n\n America Online Inc\n\n Not vulnerable. \n\n Apple Computer Inc. \n\n There are currently no applications shipped by Apple with Mac OS X\n or Mac OS X Server which make use of the Session Initiation\n Protocol. \n\n Borderware\n\n No BorderWare products make use of SIP and thus no BorderWare\n products are affected by this vulnerability. \n We would however like to extend our thanks to the OUSPG for their\n work as well as for the responsible manner in which they handle\n their discoveries. Their detailed reports and test suites are\n certainly well-received. \n We would also like to reiterate the fact that SIP has yet to\n mature, protocol-wise as well as implementation-wise. We do not\n recommend that our customers set up SIP relays in parallel to our\n firewall products to pass SIP-based applications in or out of\n networks where security is a concern of note. \n\n F5 Networks\n\n F5 Networks does not have a SIP server product, and is therefore\n not affected by this vulnerability. \n\n Fujitsu\n\n With regards to VU#528719, Fujitsu\u0027s UXP/V o.s. is not vulnerable\n because the relevant function is not supported under UXP/V. \n\n IBM\n\n SIP is not implemented as part of the AIX operating system. \n\n IP Filter\n\n IPFilter does not do any SIP specific protocol handling and is\n therefore not affected by the issues mentioned in the paper cited. \n\n IPTel\n\n All versions of SIP Express Router up to 0.8.9 are sadly vulnerable\n to the OUSPG test suite. We strongly advice to upgrade to version\n 0.8.10. Please also apply the patch to version 0.8.10 from\n http://www.iptel.org/ser/security/\n before installation and keep on watching this site in the future. \n We apologize to our users for the trouble. 
\n\n Hewlett-Packard Company\n\n Source:\n Hewlett-Packard Company\n Software Security Response Team\n cross reference id: SSRT2402\n\n HP-UX - not vulnerable\n HP-MPE/ix - not vulnerable\n HP Tru64 UNIX - not vulnerable\n HP OpenVMS - not vulnerable\n HP NonStop Servers - not vulnerable\n\n To report potential security vulnerabilities in HP software, send\n an E-mail message to: mailto:security-alert@hp.com\n\n Lucent\n\n No Lucent products are known to be affected by this vulnerability,\n however we are still researching the issue and will update this\n statement as needed. \n\n Microsoft Corporation\n\n Microsoft has investigated these issues. The Microsoft SIP client\n implementation is not affected. \n\n NEC Corporation\n\n ===================================================================\n NEC vendor statement for VU#528719\n ===================================================================\n\n sent on February 13, 2002\n Server Products\n * EWS/UP 48 Series operating system\n * - is NOT vulnerable, because it does not support SIP. \n\n Router Products\n * IX 1000 / 2000 / 5000 Series\n * - is NOT vulnerable, because it does not support SIP. \n\n Other Network products\n * We continue to check our products which support SIP protocol. \n\n ===================================================================\n\n NETBSD\n\n NetBSD does not ship any implementation of SIP. \n\n NETfilter.org\n\n As the linux 2.4/2.5 netfilter implementation currently doesn\u0027t\n support connection tracking or NAT for the SIP protocol suite, we\n are not vulnerable to this bug. \n\n NetScreen\n\n NetScreen is not vulnerable to this issue. \n\n Network Appliance\n\n NetApp products are not affected by this vulnerability. \n\n Nokia\n\n Nokia IP Security Platforms based on IPSO, Nokis Small Office\n Solution platforms, Nokia VPN products and Nokia Message Protector\n platform do not initiate or terminate SIP based sessions. 
The\n mentioned Nokia products are not susceptible to this vulnerability\n\n Nortel Networks\n\n Nortel Networks is cooperating to the fullest extent with the CERT\n Coordination Center. All Nortel Networks products that use Session\n Initiation Protocol SIP) have been tested and all generally\n available products, with the following exceptions, have passed the\n test suite:\n\n Succession Communication Server 2000 and Succession Communication\n Server 2000 - Compact are impacted by the test suite only in\n configurations where SIP-T has been provisioned within the\n Communication Server; a software patch is expected to be available\n by the end of February. \n\n For further information about Nortel Networks products please\n contact Nortel Networks Global Network Support. \n\n North America: 1-800-4-NORTEL, or (1-800-466-7835)\n Europe, Middle East \u0026 Africa: 00800 8008 9009, or +44 (0) 870 907\n 9009\n\n Contacts for other regions available at the Global Contact\n \u003chttp://www.nortelnetworks.com/help/contact/global/\u003e web page. \n\n Novell\n\n Novell has no products implementing SIP. \n\n Secure Computing Corporation\n\n Neither Sidewinder nor Gauntlet implements SIP, so we do not need\n to be on the vendor list for this vulnerability. \n\n SecureWorx\n\n We hereby attest that SecureWorx Basilisk Gateway Security product\n suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the\n Session Initiation Protocol (SIP) Vulnerability VU#528719 as\n described in the OUSPG announcement (OUSPG#0106) received on Fri, 8\n Nov 2002 10:17:11 -0500. \n\n Stonesoft\n\n Stonesoft\u0027s StoneGate high availability firewall and VPN product\n does not contain any code that handles SIP protocol. No versions of\n StoneGate are vulnerable. \n\n Symantec\n\n Symantec Corporation products are not vulnerable to this issue. \n\n Xerox\n\n Xerox is aware of this vulnerability and is currently assessing all\n products. 
This statement will be updated as new information becomes\n available. \n\nAppendix B. - References\n\n 1. http://www.ee.oulu.fi/research/ouspg/protos/\n 2. http://www.kb.cert.org/vuls/id/528719\n 3. http://www.cert.org/tech_tips/denial_of_service.html\n 4. http://www.ietf.org/html.charters/sip-charter.html\n 5. RFC3261 - SIP: Session Initiation Protocol\n 6. RFC2327 - SDP: Session Description Protocol\n 7. RFC2279 - UTF-8, a transformation format of ISO 10646\n 8. Session Initiation Protocol Basic Call Flow Examples \n 9. We would also like to acknowledge the\n \"RedSkins\" project of \"MediaTeam Oulu\" for their support of this\n research. \n _________________________________________________________________\n\n Feedback on this document can be directed to the authors, \n Jason A. Rafail and Ian A. Finlay. \n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2003-06.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. 
\n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2003 Carnegie Mellon University. \n\n Revision History\n Feb 21, 2003: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG\nIXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ\n17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O\nEisa8/wivlM=\n=p961\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1109"
},
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "VULHUB",
"id": "VHN-7934"
},
{
"db": "PACKETSTORM",
"id": "30838"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719",
"trust": 2.9
},
{
"db": "BID",
"id": "6904",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1006144",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1006145",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1006143",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2003-1109",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200312-224",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "CA-2003-06",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "4442",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20030221 MULTIPLE PRODUCT VULNERABILITIES FOUND BY PROTOS SIP TEST SUITE",
"trust": 0.6
},
{
"db": "XF",
"id": "11379",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-7934",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "30838",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7934"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1109"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-224"
}
]
},
"id": "VAR-200312-0084",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7934"
}
],
"trust": 0.47675563
},
"last_update_date": "2023-12-18T12:13:49.007000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1109"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/"
},
{
"trust": 2.1,
"url": "http://www.cert.org/advisories/ca-2003-06.html"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/528719"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6904"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1006143"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1006144"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1006145"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/html.charters/sip-charter.html"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/rfc/rfc3261.txt"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/ "
},
{
"trust": 0.8,
"url": "http://www.mediateam.oulu.fi/projects/redskins/?lang=en"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-sipping-torture-tests-07.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc3665.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2327.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2279.txt"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11379"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/4442"
},
{
"trust": 0.3,
"url": "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php"
},
{
"trust": 0.3,
"url": "http://www.fsf.org/software/osip/osip.html"
},
{
"trust": 0.3,
"url": "http://www.partysip.org/"
},
{
"trust": 0.3,
"url": "http://www.iptel.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=16123"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/denial_of_service.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.iptel.org/ser/security/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/\u003e"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7934"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1109"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-224"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7934"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1109"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-224"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-02-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2003-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-7934"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2003-02-21T17:04:53",
"db": "PACKETSTORM",
"id": "30838"
},
{
"date": "2003-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-1109"
},
{
"date": "2003-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-224"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-7934"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2018-10-30T16:26:18.060000",
"db": "NVD",
"id": "CVE-2003-1109"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-224"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-224"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "6904"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-224"
}
],
"trust": 0.9
}
}
VAR-201411-0060
Vulnerability from variot - Updated: 2023-12-18 12:13
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. Supplementary information: the vulnerability type has been identified as CWE-254: Security Features (security function). Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Apache Cordova for Android versions 3.5.0 and prior are vulnerable. These issues may be exploited to cause a denial of service in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. These issues are related to handling of SIP INVITE messages. Exploitation and the specific nature of each vulnerability may depend on the particular implementation.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
Original release date: February 21, 2003 Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file. Other systems making use of SIP may also be vulnerable but were not specifically tested. Not all SIP implementations are affected. See Vendor Information for details from vendors who have provided feedback for this advisory.
In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from VU#528719. These vulnerabilities may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior. If your site uses SIP-enabled products in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the Solution section below.
I. SIP is a text-based protocol for initiating communication and data sessions between users.
The Oulu University Secure Programming Group (OUSPG) previously conducted research into vulnerabilities in LDAP, culminating in CERT Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03.
OUSPG's most recent research focused on a subset of SIP related to the INVITE message, which SIP agents and proxies are required to accept in order to set up sessions. Note that "throttling" is an expected behavior.
Specifications for the Session Initiation Protocol are available in RFC3261:
http://www.ietf.org/rfc/rfc3261.txt
OUSPG has established the following site with detailed documentation regarding SIP and the implementation test results from the test suite:
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
The IETF Charter page for SIP is available at
http://www.ietf.org/html.charters/sip-charter.html
II. Impact
Exploitation of these vulnerabilities may result in denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain unauthorized access to the affected device. Specific impacts will vary from product to product.
III. Solution
Many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this
advisory. Please consult this appendix and VU#528719 to determine
if your product is vulnerable. If a statement is unavailable, you
may need to contact your vendor directly.
Disable the SIP-enabled devices and services
As a general rule, the CERT/CC recommends disabling any service or
capability that is not explicitly required. Some of the affected
products may rely on SIP to be functional. You should carefully
consider the impact of blocking services that you may be using.
Ingress filtering
As a temporary measure, it may be possible to limit the scope of
these vulnerabilities by blocking access to SIP devices and
services at the network perimeter.
Ingress filtering manages the flow of traffic as it enters a
network under your administrative control. Servers are typically
the only machines that need to accept inbound traffic from the
public Internet. Note that most SIP User Agents (including IP
phones or "client" software) consist of a User Agent Client and a
User Agent Server. In the network usage policy of many sites, there
are few reasons for external hosts to initiate inbound traffic to
machines that provide no public services. Thus, ingress filtering
should be performed at the border to prohibit externally initiated
inbound traffic to non-authorized services.
Please note that this workaround may not protect vulnerable devices
from internal attacks.
Egress filtering
Egress filtering manages the flow of traffic as it leaves a network
under your administrative control. There is typically limited need
for machines providing public services to initiate outbound traffic
to the Internet. In the case of the SIP vulnerabilities, employing
egress filtering on the ports listed above at your network border
may prevent your network from being used as a source for attacks on
other sites.
Block SIP requests directed to broadcast addresses at your router.
Since SIP requests can be transmitted via UDP, broadcast attacks
are possible. One solution to prevent your site from being used as
an intermediary in an attack is to block SIP requests directed to
broadcast addresses at your router.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.
America Online Inc
Not vulnerable.
Apple Computer Inc.
There are currently no applications shipped by Apple with Mac OS X
or Mac OS X Server which make use of the Session Initiation
Protocol.
Borderware
No BorderWare products make use of SIP and thus no BorderWare
products are affected by this vulnerability.
We would however like to extend our thanks to the OUSPG for their
work as well as for the responsible manner in which they handle
their discoveries. Their detailed reports and test suites are
certainly well-received.
We would also like to reiterate the fact that SIP has yet to
mature, protocol-wise as well as implementation-wise. We do not
recommend that our customers set up SIP relays in parallel to our
firewall products to pass SIP-based applications in or out of
networks where security is a concern of note.
F5 Networks
F5 Networks does not have a SIP server product, and is therefore
not affected by this vulnerability.
Fujitsu
With regards to VU#528719, Fujitsu's UXP/V o.s. is not vulnerable
because the relevant function is not supported under UXP/V.
IBM
SIP is not implemented as part of the AIX operating system.
IP Filter
IPFilter does not do any SIP specific protocol handling and is
therefore not affected by the issues mentioned in the paper cited.
IPTel
All versions of SIP Express Router up to 0.8.9 are sadly vulnerable
to the OUSPG test suite. We strongly advise upgrading to version
0.8.10. Please also apply the patch to version 0.8.10 from
http://www.iptel.org/ser/security/
before installation and keep on watching this site in the future.
We apologize to our users for the trouble.
Hewlett-Packard Company
Source:
Hewlett-Packard Company
Software Security Response Team
cross reference id: SSRT2402
HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable
To report potential security vulnerabilities in HP software, send
an E-mail message to: mailto:security-alert@hp.com
Lucent
No Lucent products are known to be affected by this vulnerability,
however we are still researching the issue and will update this
statement as needed.
Microsoft Corporation
Microsoft has investigated these issues. The Microsoft SIP client
implementation is not affected.
NEC Corporation
===================================================================
NEC vendor statement for VU#528719
===================================================================
sent on February 13, 2002
Server Products
* EWS/UP 48 Series operating system
* - is NOT vulnerable, because it does not support SIP.
Router Products
* IX 1000 / 2000 / 5000 Series
* - is NOT vulnerable, because it does not support SIP.
Other Network products
* We continue to check our products which support SIP protocol.
===================================================================
NETBSD
NetBSD does not ship any implementation of SIP.
NETfilter.org
As the linux 2.4/2.5 netfilter implementation currently doesn't
support connection tracking or NAT for the SIP protocol suite, we
are not vulnerable to this bug.
NetScreen
NetScreen is not vulnerable to this issue.
Network Appliance
NetApp products are not affected by this vulnerability.
Nokia
Nokia IP Security Platforms based on IPSO, Nokia Small Office
Solution platforms, Nokia VPN products and Nokia Message Protector
platform do not initiate or terminate SIP based sessions. The
mentioned Nokia products are not susceptible to this vulnerability.
Nortel Networks
Nortel Networks is cooperating to the fullest extent with the CERT
Coordination Center. All Nortel Networks products that use Session
Initiation Protocol (SIP) have been tested and all generally
available products, with the following exceptions, have passed the
test suite:
Succession Communication Server 2000 and Succession Communication
Server 2000 - Compact are impacted by the test suite only in
configurations where SIP-T has been provisioned within the
Communication Server; a software patch is expected to be available
by the end of February.
For further information about Nortel Networks products please
contact Nortel Networks Global Network Support.
North America: 1-800-4-NORTEL, or (1-800-466-7835)
Europe, Middle East & Africa: 00800 8008 9009, or +44 (0) 870 907
9009
Contacts for other regions available at the Global Contact
<http://www.nortelnetworks.com/help/contact/global/> web page.
Novell
Novell has no products implementing SIP.
Secure Computing Corporation
Neither Sidewinder nor Gauntlet implements SIP, so we do not need
to be on the vendor list for this vulnerability.
SecureWorx
We hereby attest that SecureWorx Basilisk Gateway Security product
suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the
Session Initiation Protocol (SIP) Vulnerability VU#528719 as
described in the OUSPG announcement (OUSPG#0106) received on Fri, 8
Nov 2002 10:17:11 -0500.
Stonesoft
Stonesoft's StoneGate high availability firewall and VPN product
does not contain any code that handles SIP protocol. No versions of
StoneGate are vulnerable.
Symantec
Symantec Corporation products are not vulnerable to this issue.
Xerox
Xerox is aware of this vulnerability and is currently assessing all
products. This statement will be updated as new information becomes
available.
Appendix B. - References
1. http://www.ee.oulu.fi/research/ouspg/protos/
2. http://www.kb.cert.org/vuls/id/528719
3. http://www.cert.org/tech_tips/denial_of_service.html
4. http://www.ietf.org/html.charters/sip-charter.html
5. RFC3261 - SIP: Session Initiation Protocol
6. RFC2327 - SDP: Session Description Protocol
7. RFC2279 - UTF-8, a transformation format of ISO 10646
8. Session Initiation Protocol Basic Call Flow Examples
9. We would also like to acknowledge the
"RedSkins" project of "MediaTeam Oulu" for their support of this research.
Feedback on this document can be directed to the authors, Jason A. Rafail and Ian A. Finlay.
This document is available from: http://www.cert.org/advisories/CA-2003-06.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright 2003 Carnegie Mellon University.
Revision History Feb 21, 2003: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG IXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ 17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O Eisa8/wivlM= =p961 -----END PGP SIGNATURE-----
Android Platform Release: 04 Aug 2014
Security issues were discovered in the Android platform of Cordova. Other Cordova platforms such as iOS are unaffected, and do not have an update.
The security issues are CVE-2014-3500, CVE-2014-3501, and CVE-2014-3502.
For your convenience, the text of these CVEs is included here.
A blog post is available at http://cordova.apache.org/#news
CVE-2014-3500: Cordova cross-application scripting via Android intent URLs
Severity: High
Vendor: The Apache Software Foundation
Versions Affected: Cordova Android versions up to 3.5.0
Description: Android applications built with the Cordova framework can be launched through a special intent URL. A specially-crafted URL could cause the Cordova-based application to start up with a different start page than the developer intended, including other HTML content stored on the Android device. This has been the case in all released versions of Cordova up to 3.5.0, and has been fixed in the latest release (3.5.1). We recommend affected projects update their applications to the latest release.
Upgrade path: Developers who are concerned about this should rebuild their applications with Cordova Android 3.5.1.
Credit: This issue was discovered by David Kaplan and Roee Hay of IBM Security Systems.
CVE-2014-3501: Cordova whitelist bypass for non-HTTP URLs
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: All released Cordova Android versions
Description: Android applications built with the Cordova framework use a WebView component to display content. Cordova applications can specify a whitelist of URLs which the application will be allowed to display, or to communicate with via XMLHttpRequest. This whitelist, however, is not used by the WebView component when it is directed via JavaScript to communicate over non-http channels.
It is possible to mitigate this attack vector by adding a Content Security Policy (CSP) meta tag to all HTML pages in the application, to allow connections only to trusted sources. App developers should also upgrade to Cordova Android 3.5.1, to reduce the risk of cross-application scripting (XAS) attacks against their applications, which could then use this mechanism to reach unintended servers. See CVE-2014-3500 for more information on a possible XAS vulnerability.
Upgrade path: Developers who are concerned about this should rebuild their applications with Cordova Android 3.5.1, and consider adding CSP meta tags to their application HTML.
Credit: This issue was discovered by David Kaplan and Roee Hay of IBM Security Systems.
CVE-2014-3502: Cordova apps can potentially leak data to other apps via Android intent URLs
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Cordova Android versions up to 3.5.0
Description: Android applications built with the Cordova framework can launch other applications through the use of anchor tags, or by redirecting the webview to an Android intent URL. An attacker who can manipulate the HTML content of a Cordova application can create links which open other applications and send arbitrary data to those applications. An attacker who can run arbitrary JavaScript code within the context of the Cordova application can also set the document location to such a URL. By using this in concert with a second, vulnerable application, an attacker might be able to use this method to send data from the Cordova application to the network.
The latest release of Cordova Android takes steps to block explicit Android intent urls, so that they can no longer be used to start arbitrary applications on the device.
Upgrade path: Developers who are concerned about this should rebuild their applications with Cordova Android 3.5.1.
Credit: This issue was discovered by David Kaplan and Roee Hay of IBM Security Systems
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0060",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cordova",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "3.5.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cirpack",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "columbia sip user agent sipc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dynamicsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iptel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mediatrix telecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pingtel",
"version": null
},
{
"model": "cordova",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "android 3.5.1"
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "ne",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.6"
},
{
"model": "ios 12.2 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(7)"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "appengine",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "ne",
"trust": 0.3,
"vendor": "columbia",
"version": "2.0"
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.9"
},
{
"model": "ios 12.2 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7940"
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3-1"
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(9)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "osip",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.5"
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.4"
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3.210)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "ios 12.2 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server compact",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000-"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.0"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1-1"
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ios 12.2xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "eq",
"trust": 0.3,
"vendor": "columbia",
"version": "1.74"
},
{
"model": "osip",
"scope": "ne",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1.200)"
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.5"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1"
},
{
"model": "c++ sip user agent",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "5.0"
},
{
"model": "sip express router",
"scope": "ne",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.10"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7960"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "6.0"
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(3)"
},
{
"model": "ios 12.2xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2-1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.8"
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:cordova:3.5.0:*:*:*:*:android:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3501"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Kaplan and Roee Hay of IBM Security Systems.",
"sources": [
{
"db": "BID",
"id": "69041"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
],
"trust": 0.9
},
"cve": "CVE-2014-3501",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-3501",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3501",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#528719",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-071",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabiltites affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. \nApache Cordova for Android versions 3.5.0 and prior are vulnerable. These issues may be exploited to cause a denial of services in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. \nThese issues are related to handling of SIP INVITE messages. \nExploitation and the specific nature of each vulnerability may depend on the particular implementation. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the\nSession Initiation Protocol (SIP)\n\n Original release date: February 21, 2003\n Last revised: --\n Source: CERT/CC\n\n A complete revision history can be found at the end of this file. \n Other systems making use of SIP may also be vulnerable but were not\n specifically tested. Not all SIP implementations are affected. See\n Vendor Information for details from vendors who have provided feedback\n for this advisory. \n\n In addition to the vendors who provided feedback for this advisory, a\n list of vendors whom CERT/CC contacted regarding these problems is\n available from VU#528719. 
These\n vulnerabilities may allow an attacker to gain unauthorized privileged\n access, cause denial-of-service attacks, or cause unstable system\n behavior. If your site uses SIP-enabled products in any capacity, the\n CERT/CC encourages you to read this advisory and follow the advice\n provided in the Solution section below. \n\nI. \n SIP is a text-based protocol for initiating communication and data\n sessions between users. \n\n The Oulu University Secure Programming Group (OUSPG) previously\n conducted research into vulnerabilities in LDAP, culminating in CERT\n Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03. \n\n OUSPG\u0027s most recent research focused on a subset of SIP related to the\n INVITE message, which SIP agents and proxies are required to accept in\n order to set up sessions. Note that \"throttling\" is an expected\n behavior. \n\n Specifications for the Session Initiation Protocol are available in\n RFC3261:\n\n http://www.ietf.org/rfc/rfc3261.txt\n\n OUSPG has established the following site with detailed documentation\n regarding SIP and the implementation test results from the test suite:\n\n http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/\n\n The IETF Charter page for SIP is available at\n\n http://www.ietf.org/html.charters/sip-charter.html\n\nII. Impact\n\n Exploitation of these vulnerabilities may result in denial-of-service\n conditions, service interruptions, and in some cases may allow an\n attacker to gain unauthorized access to the affected device. Specific\n impacts will vary from product to product. \n\nIII. Solution\n\n Many of the mitigation steps recommended below may have significant\n impact on your everyday network operations and/or network\n architecture. Ensure that any changes made based on the following\n recommendations will not unacceptably affect your ongoing network\n operations capability. 
\n\n Apply a patch from your vendor\n\n Appendix A contains information provided by vendors for this\n advisory. Please consult this appendix and VU#528719 to determine\n if your product is vulnerable. If a statement is unavailable, you\n may need to contact your vendor directly. \n\n Disable the SIP-enabled devices and services\n\n As a general rule, the CERT/CC recommends disabling any service or\n capability that is not explicitly required. Some of the affected\n products may rely on SIP to be functional. You should carefully\n consider the impact of blocking services that you may be using. \n\n Ingress filtering\n\n As a temporary measure, it may be possible to limit the scope of\n these vulnerabilities by blocking access to SIP devices and\n services at the network perimeter. \n\n Ingress filtering manages the flow of traffic as it enters a\n network under your administrative control. Servers are typically\n the only machines that need to accept inbound traffic from the\n public Internet. Note that most SIP User Agents (including IP\n phones or \"clien\"t software) consist of a User Agent Client and a\n User Agent Server. In the network usage policy of many sites, there\n are few reasons for external hosts to initiate inbound traffic to\n machines that provide no public services. Thus, ingress filtering\n should be performed at the border to prohibit externally initiated\n inbound traffic to non-authorized services. \n\n Please note that this workaround may not protect vulnerable devices\n from internal attacks. \n\n Egress filtering\n\n Egress filtering manages the flow of traffic as it leaves a network\n under your administrative control. There is typically limited need\n for machines providing public services to initiate outbound traffic\n to the Internet. In the case of the SIP vulnerabilities, employing\n egress filtering on the ports listed above at your network border\n may prevent your network from being used as a source for attacks on\n other sites. 
\n\n Block SIP requests directed to broadcast addresses at your router. \n\n Since SIP requests can be transmitted via UDP, broadcast attacks\n are possible. One solution to prevent your site from being used as\n an intermediary in an attack is to block SIP requests directed to\n broadcast addresses at your router. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. As vendors report new information to the CERT/CC, we will\n update this section and note the changes in our revision history. If a\n particular vendor is not listed below, we have not received their\n comments. \n\n America Online Inc\n\n Not vulnerable. \n\n Apple Computer Inc. \n\n There are currently no applications shipped by Apple with Mac OS X\n or Mac OS X Server which make use of the Session Initiation\n Protocol. \n\n Borderware\n\n No BorderWare products make use of SIP and thus no BorderWare\n products are affected by this vulnerability. \n We would however like to extend our thanks to the OUSPG for their\n work as well as for the responsible manner in which they handle\n their discoveries. Their detailed reports and test suites are\n certainly well-received. \n We would also like to reiterate the fact that SIP has yet to\n mature, protocol-wise as well as implementation-wise. We do not\n recommend that our customers set up SIP relays in parallel to our\n firewall products to pass SIP-based applications in or out of\n networks where security is a concern of note. \n\n F5 Networks\n\n F5 Networks does not have a SIP server product, and is therefore\n not affected by this vulnerability. \n\n Fujitsu\n\n With regards to VU#528719, Fujitsu\u0027s UXP/V o.s. is not vulnerable\n because the relevant function is not supported under UXP/V. \n\n IBM\n\n SIP is not implemented as part of the AIX operating system. 
\n\n IP Filter\n\n IPFilter does not do any SIP specific protocol handling and is\n therefore not affected by the issues mentioned in the paper cited. \n\n IPTel\n\n All versions of SIP Express Router up to 0.8.9 are sadly vulnerable\n to the OUSPG test suite. We strongly advice to upgrade to version\n 0.8.10. Please also apply the patch to version 0.8.10 from\n http://www.iptel.org/ser/security/\n before installation and keep on watching this site in the future. \n We apologize to our users for the trouble. \n\n Hewlett-Packard Company\n\n Source:\n Hewlett-Packard Company\n Software Security Response Team\n cross reference id: SSRT2402\n\n HP-UX - not vulnerable\n HP-MPE/ix - not vulnerable\n HP Tru64 UNIX - not vulnerable\n HP OpenVMS - not vulnerable\n HP NonStop Servers - not vulnerable\n\n To report potential security vulnerabilities in HP software, send\n an E-mail message to: mailto:security-alert@hp.com\n\n Lucent\n\n No Lucent products are known to be affected by this vulnerability,\n however we are still researching the issue and will update this\n statement as needed. \n\n Microsoft Corporation\n\n Microsoft has investigated these issues. The Microsoft SIP client\n implementation is not affected. \n\n NEC Corporation\n\n ===================================================================\n NEC vendor statement for VU#528719\n ===================================================================\n\n sent on February 13, 2002\n Server Products\n * EWS/UP 48 Series operating system\n * - is NOT vulnerable, because it does not support SIP. \n\n Router Products\n * IX 1000 / 2000 / 5000 Series\n * - is NOT vulnerable, because it does not support SIP. \n\n Other Network products\n * We continue to check our products which support SIP protocol. \n\n ===================================================================\n\n NETBSD\n\n NetBSD does not ship any implementation of SIP. 
\n\n NETfilter.org\n\n As the linux 2.4/2.5 netfilter implementation currently doesn\u0027t\n support connection tracking or NAT for the SIP protocol suite, we\n are not vulnerable to this bug. \n\n NetScreen\n\n NetScreen is not vulnerable to this issue. \n\n Network Appliance\n\n NetApp products are not affected by this vulnerability. \n\n Nokia\n\n Nokia IP Security Platforms based on IPSO, Nokis Small Office\n Solution platforms, Nokia VPN products and Nokia Message Protector\n platform do not initiate or terminate SIP based sessions. The\n mentioned Nokia products are not susceptible to this vulnerability\n\n Nortel Networks\n\n Nortel Networks is cooperating to the fullest extent with the CERT\n Coordination Center. All Nortel Networks products that use Session\n Initiation Protocol SIP) have been tested and all generally\n available products, with the following exceptions, have passed the\n test suite:\n\n Succession Communication Server 2000 and Succession Communication\n Server 2000 - Compact are impacted by the test suite only in\n configurations where SIP-T has been provisioned within the\n Communication Server; a software patch is expected to be available\n by the end of February. \n\n For further information about Nortel Networks products please\n contact Nortel Networks Global Network Support. \n\n North America: 1-800-4-NORTEL, or (1-800-466-7835)\n Europe, Middle East \u0026 Africa: 00800 8008 9009, or +44 (0) 870 907\n 9009\n\n Contacts for other regions available at the Global Contact\n \u003chttp://www.nortelnetworks.com/help/contact/global/\u003e web page. \n\n Novell\n\n Novell has no products implementing SIP. \n\n Secure Computing Corporation\n\n Neither Sidewinder nor Gauntlet implements SIP, so we do not need\n to be on the vendor list for this vulnerability. 
\n\n SecureWorx\n\n We hereby attest that SecureWorx Basilisk Gateway Security product\n suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the\n Session Initiation Protocol (SIP) Vulnerability VU#528719 as\n described in the OUSPG announcement (OUSPG#0106) received on Fri, 8\n Nov 2002 10:17:11 -0500. \n\n Stonesoft\n\n Stonesoft\u0027s StoneGate high availability firewall and VPN product\n does not contain any code that handles SIP protocol. No versions of\n StoneGate are vulnerable. \n\n Symantec\n\n Symantec Corporation products are not vulnerable to this issue. \n\n Xerox\n\n Xerox is aware of this vulnerability and is currently assessing all\n products. This statement will be updated as new information becomes\n available. \n\nAppendix B. - References\n\n 1. http://www.ee.oulu.fi/research/ouspg/protos/\n 2. http://www.kb.cert.org/vuls/id/528719\n 3. http://www.cert.org/tech_tips/denial_of_service.html\n 4. http://www.ietf.org/html.charters/sip-charter.html\n 5. RFC3261 - SIP: Session Initiation Protocol\n 6. RFC2327 - SDP: Session Description Protocol\n 7. RFC2279 - UTF-8, a transformation format of ISO 10646\n 8. Session Initiation Protocol Basic Call Flow Examples \n 9. We would also like to acknowledge the\n \"RedSkins\" project of \"MediaTeam Oulu\" for their support of this\n research. \n _________________________________________________________________\n\n Feedback on this document can be directed to the authors, \n Jason A. Rafail and Ian A. Finlay. \n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2003-06.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. 
\n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2003 Carnegie Mellon University. 
\n\n Revision History\n Feb 21, 2003: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG\nIXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ\n17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O\nEisa8/wivlM=\n=p961\n-----END PGP SIGNATURE-----\n. Android Platform Release: 04 Aug 2014\n\nSecurity issues were discovered in the Android platform of Cordova. Other Cordova platforms such as iOS are unaffected, and do not have an update. \n\nThe security issues are CVE-2014-3500, CVE-2014-3501, and CVE-2014-3502. \n\nFor your convenience, the text of these CVEs is included here. \n\nA blog post is available at http://cordova.apache.org/#news\n\n\nCVE-2014-3500: Cordova cross-application scripting via Android intent URLs\n\n\nSeverity: High\n\nVendor:\nThe Apache Software Foundation\n\nVersions Affected:\nCordova Android versions up to 3.5.0\n\nDescription:\nAndroid applications built with the Cordova framework can be launched through\na special intent URL. A specially-crafted URL could cause the Cordova-based\napplication to start up with a different start page than the developer\nintended, including other HTML content stored on the Android device. This has\nbeen the case in all released versions of Cordova up to 3.5.0, and has been\nfixed in the latest release (3.5.1). We recommend affected projects update\ntheir applications to the latest release. \n\nUpgrade path:\nDevelopers who are concerned about this should rebuild their applications with\nCordova Android 3.5.1. \n\nCredit:\nThis issue was discovered by David Kaplan and Roee Hay of IBM Security Systems. \n\n\nCVE-2014-3501: Cordova whitelist bypass for non-HTTP URLs\n\n\nSeverity: Medium\n\nVendor:\nThe Apache Software Foundation\n\nVersions Affected:\nAll released Cordova Android versions\n\nDescription:\nAndroid applications built with the Cordova framework use a WebView component\nto display content. 
Cordova applications can specify a whitelist of URLs which\nthe application will be allowed to display, or to communicate with via\nXMLHttpRequest. This whitelist, however, is not used by the WebView component\nwhen it is directed via JavaScript to communicate over non-http channels. \n\nIt is possible to mitigate this attack vector by adding a CSP meta tag to all\nHTML pages in the application, to allow connections only to trusted sources. \nApp developers should also upgrade to Cordova Android 3.5.1, to reduce the risk\nof XAS attacks against their applications, which could then use this mechanism\nto reach unintended servers. See CVE-2014-3500 for more information on a\npossible XAS vulnerability. \n\nUpgrade path:\nDevelopers who are concerned about this should rebuild their applications with\nCordova Android 3.5.1, and consider adding CSP meta tags to their application\nHTML. \n\nCredit:\nThis issue was discovered by David Kaplan and Roee Hay of IBM Security Systems. \n\n\nCVE-2014-3502: Cordova apps can potentially leak data to other apps via Android\nintent URLs\n\n\nSeverity: Medium\n\nVendor:\nThe Apache Software Foundation\n\nVersions Affected:\nCordova Android versions up to 3.5.0\n\nDescription:\nAndroid applications built with the Cordova framework can launch other\napplications through the use of anchor tags, or by redirecting the webview to\nan Android intent URL. An attacker who can manipulate the HTML content of a\nCordova application can create links which open other applications and send\narbitrary data to those applications. An attacker who can run arbitrary\nJavaScript code within the context of the Cordova application can also set the\ndocument location to such a URL. By using this in concert with a second,\nvulnerable application, an attacker might be able to use this method to send\ndata from the Cordova application to the network. 
\n\nThe latest release of Cordova Android takes steps to block explicit Android\nintent urls, so that they can no longer be used to start arbitrary applications\non the device. \n\nUpgrade path:\nDevelopers who are concerned about this should rebuild their applications with\nCordova Android 3.5.1. \n\nCredit:\nThis issue was discovered by David Kaplan and Roee Hay of IBM Security Systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "BID",
"id": "69041"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "PACKETSTORM",
"id": "127754"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3501",
"trust": 2.8
},
{
"db": "BID",
"id": "69041",
"trust": 1.3
},
{
"db": "CERT/CC",
"id": "VU#528719",
"trust": 1.2
},
{
"db": "BID",
"id": "6904",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "30838",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127754",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "69041"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "PACKETSTORM",
"id": "127754"
},
{
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"id": "VAR-201411-0060",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.37675563
},
"last_update_date": "2023-12-18T12:13:48.964000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apache Cordova Android 3.5.1",
"trust": 0.8,
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "NVD",
"id": "CVE-2014-3501"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"trust": 1.2,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/69041"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/html.charters/sip-charter.html"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/rfc/rfc3261.txt"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/ "
},
{
"trust": 0.8,
"url": "http://www.mediateam.oulu.fi/projects/redskins/?lang=en"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-sipping-torture-tests-07.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc3665.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2327.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2279.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3501"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3501"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/6904"
},
{
"trust": 0.4,
"url": "http://www.cert.org/advisories/ca-2003-06.html"
},
{
"trust": 0.4,
"url": "http://www.kb.cert.org/vuls/id/528719"
},
{
"trust": 0.3,
"url": "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php"
},
{
"trust": 0.3,
"url": "http://www.fsf.org/software/osip/osip.html"
},
{
"trust": 0.3,
"url": "http://www.partysip.org/"
},
{
"trust": 0.3,
"url": "http://www.iptel.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=16123"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/denial_of_service.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.iptel.org/ser/security/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/\u003e"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3501"
},
{
"trust": 0.1,
"url": "http://cordova.apache.org/#news"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "PACKETSTORM",
"id": "127754"
},
{
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "69041"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "PACKETSTORM",
"id": "127754"
},
{
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-02-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2014-08-04T00:00:00",
"db": "BID",
"id": "69041"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2014-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"date": "2003-02-21T17:04:53",
"db": "PACKETSTORM",
"id": "30838"
},
{
"date": "2014-08-05T21:19:09",
"db": "PACKETSTORM",
"id": "127754"
},
{
"date": "2014-11-15T21:59:03.023000",
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"date": "2014-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2014-12-09T00:57:00",
"db": "BID",
"id": "69041"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2014-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"date": "2014-11-17T14:03:49.630000",
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"date": "2014-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "69041"
},
{
"db": "BID",
"id": "6904"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
],
"trust": 0.6
}
}
VAR-200312-0088
Vulnerability from variot - Updated: 2023-12-18 12:13
The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of service in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. These issues are related to handling of SIP INVITE messages. Exploitation and the specific nature of each vulnerability may depend on the particular implementation. SIP is part of the IETF standards process, and it builds on foundations such as SMTP (Simple Mail Transfer Protocol) and HTTP (Hypertext Transfer Protocol). It is used to establish, change and terminate calls between users based on IP networks. These vulnerabilities include buffer overflow and improper handling of request messages containing illegal headers, which can cause buffer overflow on devices running this protocol, resulting in denial of service, and may also cause unauthorized access or remote execution of arbitrary commands. Cisco IP Telephony Modules 7940 and 7960 have these vulnerabilities, which can cause denial of service, and are documented in Cisco Bug IDs CSCdz26317, CSCdz29003, CSCdz29033, and CSCdz29041. Versions running Cisco IOS 12.2T train or any 12.2 'X' train will reset due to incorrect handling of SIP messages containing illegal headers. 
These vulnerabilities are documented in Cisco Bug IDs CSCdz39284 and CSCdz41124. Devices that run an affected IOS version and are configured as a SIP gateway are exposed to the vulnerability described by CSCdz39284. However, any affected IOS version configured for NAT is exposed to the vulnerability described by CSCdz41124 when SIP is carried over UDP. The Cisco PIX firewall resets when it receives a fragmented SIP INVITE message. Since the current SIP patch does not support fragmented SIP messages, the vulnerability described by Cisco Bug ID CSCdx47789 is temporarily mitigated by dropping SIP fragments.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
Original release date: February 21, 2003 Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file. Other systems making use of SIP may also be vulnerable but were not specifically tested. Not all SIP implementations are affected. See Vendor Information for details from vendors who have provided feedback for this advisory.
In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from VU#528719. These vulnerabilities may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior. If your site uses SIP-enabled products in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the Solution section below.
I. SIP is a text-based protocol for initiating communication and data sessions between users.
The Oulu University Secure Programming Group (OUSPG) previously conducted research into vulnerabilities in LDAP, culminating in CERT Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03.
OUSPG's most recent research focused on a subset of SIP related to the INVITE message, which SIP agents and proxies are required to accept in order to set up sessions. Note that "throttling" is an expected behavior.
II. Impact
Exploitation of these vulnerabilities may result in denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain unauthorized access to the affected device. Specific impacts will vary from product to product.
III. Solution
Many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this
advisory. Please consult this appendix and VU#528719 to determine
if your product is vulnerable. If a statement is unavailable, you
may need to contact your vendor directly.
Disable the SIP-enabled devices and services
As a general rule, the CERT/CC recommends disabling any service or
capability that is not explicitly required. Some of the affected
products may rely on SIP to be functional. You should carefully
consider the impact of blocking services that you may be using.
Ingress filtering
As a temporary measure, it may be possible to limit the scope of
these vulnerabilities by blocking access to SIP devices and
services at the network perimeter.
Ingress filtering manages the flow of traffic as it enters a
network under your administrative control. Servers are typically
the only machines that need to accept inbound traffic from the
public Internet. Note that most SIP User Agents (including IP
phones or "client" software) consist of a User Agent Client and a
User Agent Server. In the network usage policy of many sites, there
are few reasons for external hosts to initiate inbound traffic to
machines that provide no public services. Thus, ingress filtering
should be performed at the border to prohibit externally initiated
inbound traffic to non-authorized services.
Please note that this workaround may not protect vulnerable devices
from internal attacks.
Egress filtering
Egress filtering manages the flow of traffic as it leaves a network
under your administrative control. There is typically limited need
for machines providing public services to initiate outbound traffic
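to the Internet. In the case of the SIP vulnerabilities, employing
egress filtering on the ports listed above at your network border
may prevent your network from being used as a source for attacks on
other sites. (SIP's registered ports are 5060/udp and 5060/tcp, with
5061/tcp for SIP over TLS; a deployment that runs SIP on other ports
needs filter rules that match its own configuration.)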
Block SIP requests directed to broadcast addresses at your router.
Since SIP requests can be transmitted via UDP, broadcast attacks
are possible. One solution to prevent your site from being used as
an intermediary in an attack is to block SIP requests directed to
broadcast addresses at your router.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.
America Online Inc
Not vulnerable.
Apple Computer Inc.
There are currently no applications shipped by Apple with Mac OS X
or Mac OS X Server which make use of the Session Initiation
Protocol.
Borderware
No BorderWare products make use of SIP and thus no BorderWare
products are affected by this vulnerability.
We would however like to extend our thanks to the OUSPG for their
work as well as for the responsible manner in which they handle
their discoveries. Their detailed reports and test suites are
certainly well-received.
We would also like to reiterate the fact that SIP has yet to
mature, protocol-wise as well as implementation-wise. We do not
recommend that our customers set up SIP relays in parallel to our
firewall products to pass SIP-based applications in or out of
networks where security is a concern of note.
F5 Networks
F5 Networks does not have a SIP server product, and is therefore
not affected by this vulnerability.
Fujitsu
With regards to VU#528719, Fujitsu's UXP/V o.s. is not vulnerable
because the relevant function is not supported under UXP/V.
IBM
SIP is not implemented as part of the AIX operating system.
IP Filter
IPFilter does not do any SIP specific protocol handling and is
therefore not affected by the issues mentioned in the paper cited.
IPTel
All versions of SIP Express Router up to 0.8.9 are sadly vulnerable
to the OUSPG test suite. We strongly advise you to upgrade to version
0.8.10. Please also apply the patch to version 0.8.10 from
http://www.iptel.org/ser/security/
before installation and keep on watching this site in the future.
We apologize to our users for the trouble.
Hewlett-Packard Company
Source:
Hewlett-Packard Company
Software Security Response Team
cross reference id: SSRT2402
HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable
To report potential security vulnerabilities in HP software, send
an E-mail message to: mailto:security-alert@hp.com
Lucent
No Lucent products are known to be affected by this vulnerability,
however we are still researching the issue and will update this
statement as needed.
Microsoft Corporation
Microsoft has investigated these issues. The Microsoft SIP client
implementation is not affected.
NEC Corporation
===================================================================
NEC vendor statement for VU#528719
===================================================================
sent on February 13, 2002
Server Products
* EWS/UP 48 Series operating system
* - is NOT vulnerable, because it does not support SIP.
Router Products
* IX 1000 / 2000 / 5000 Series
* - is NOT vulnerable, because it does not support SIP.
Other Network products
* We continue to check our products which support SIP protocol.
===================================================================
NETBSD
NetBSD does not ship any implementation of SIP.
NETfilter.org
As the linux 2.4/2.5 netfilter implementation currently doesn't
support connection tracking or NAT for the SIP protocol suite, we
are not vulnerable to this bug.
NetScreen
NetScreen is not vulnerable to this issue.
Network Appliance
NetApp products are not affected by this vulnerability.
Nokia
Nokia IP Security Platforms based on IPSO, Nokia Small Office
Solution platforms, Nokia VPN products and Nokia Message Protector
platform do not initiate or terminate SIP based sessions. The
mentioned Nokia products are not susceptible to this vulnerability.
Nortel Networks
Nortel Networks is cooperating to the fullest extent with the CERT
Coordination Center. All Nortel Networks products that use Session
Initiation Protocol (SIP) have been tested and all generally
available products, with the following exceptions, have passed the
test suite:
Succession Communication Server 2000 and Succession Communication
Server 2000 - Compact are impacted by the test suite only in
configurations where SIP-T has been provisioned within the
Communication Server; a software patch is expected to be available
by the end of February.
For further information about Nortel Networks products please
contact Nortel Networks Global Network Support.
North America: 1-800-4-NORTEL, or (1-800-466-7835)
Europe, Middle East & Africa: 00800 8008 9009, or +44 (0) 870 907
9009
Contacts for other regions available at the Global Contact
<http://www.nortelnetworks.com/help/contact/global/> web page.
Novell
Novell has no products implementing SIP.
Secure Computing Corporation
Neither Sidewinder nor Gauntlet implements SIP, so we do not need
to be on the vendor list for this vulnerability.
SecureWorx
We hereby attest that SecureWorx Basilisk Gateway Security product
suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the
Session Initiation Protocol (SIP) Vulnerability VU#528719 as
described in the OUSPG announcement (OUSPG#0106) received on Fri, 8
Nov 2002 10:17:11 -0500.
Stonesoft
Stonesoft's StoneGate high availability firewall and VPN product
does not contain any code that handles SIP protocol. No versions of
StoneGate are vulnerable.
Symantec
Symantec Corporation products are not vulnerable to this issue.
Xerox
Xerox is aware of this vulnerability and is currently assessing all
products. This statement will be updated as new information becomes
available.
Appendix B. - References
1. http://www.ee.oulu.fi/research/ouspg/protos/
2. http://www.kb.cert.org/vuls/id/528719
3. http://www.cert.org/tech_tips/denial_of_service.html
4. http://www.ietf.org/html.charters/sip-charter.html
5. RFC3261 - SIP: Session Initiation Protocol
6. RFC2327 - SDP: Session Description Protocol
7. RFC2279 - UTF-8, a transformation format of ISO 10646
8. Session Initiation Protocol Basic Call Flow Examples
9. We would also like to acknowledge the
"RedSkins" project of "MediaTeam Oulu" for their support of this research.
Feedback on this document can be directed to the authors, Jason A. Rafail and Ian A. Finlay.
This document is available from: http://www.cert.org/advisories/CA-2003-06.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright 2003 Carnegie Mellon University.
Revision History Feb 21, 2003: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG IXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ 17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O Eisa8/wivlM= =p961 -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0088",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sip express router",
"scope": "eq",
"trust": 1.9,
"vendor": "iptel",
"version": "0.8.9"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 1.9,
"vendor": "iptel",
"version": "0.8.8"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cirpack",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "columbia sip user agent sipc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dynamicsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iptel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mediatrix telecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pingtel",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "ne",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.6"
},
{
"model": "ios 12.2 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(7)"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "appengine",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "ne",
"trust": 0.3,
"vendor": "columbia",
"version": "2.0"
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000"
},
{
"model": "ios 12.2 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7940"
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3-1"
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(9)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "osip",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.5"
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.4"
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3.210)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "ios 12.2 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server compact",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000-"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.0"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1-1"
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ios 12.2xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "eq",
"trust": 0.3,
"vendor": "columbia",
"version": "1.74"
},
{
"model": "osip",
"scope": "ne",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1.200)"
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.5"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1"
},
{
"model": "c++ sip user agent",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "5.0"
},
{
"model": "sip express router",
"scope": "ne",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.10"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7960"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "6.0"
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(3)"
},
{
"model": "ios 12.2xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2-1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "NVD",
"id": "CVE-2003-1113"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-211"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iptel:sip_express_router:0.8.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:iptel:sip_express_router:0.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1113"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oulu University Secure Programming Group",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-211"
}
],
"trust": 0.6
},
"cve": "CVE-2003-1113",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-7938",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-1113",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#528719",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CNNVD",
"id": "CNNVD-200312-211",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7938",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7938"
},
{
"db": "NVD",
"id": "CVE-2003-1113"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-211"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabiltites affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. These issues may be exploited to cause a denial of services in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. \nThese issues are related to handling of SIP INVITE messages. \nExploitation and the specific nature of each vulnerability may depend on the particular implementation. SIP is part of the IETF standards process, and it builds on foundations such as SMTP (Simple Mail Transfer Protocol) and HTTP (Hypertext Transfer Protocol). It is used to establish, change and terminate calls between users based on IP networks. These vulnerabilities include buffer overflow and improper handling of request messages containing illegal headers, which can cause buffer overflow on devices running this protocol, resulting in denial of service, and may also cause unauthorized access or remote execution of arbitrary commands. Cisco IP Telephony Modules 7940 and 7960 have these vulnerabilities, which can cause denial of service, and are documented in Cisco Bug IDs CSCdz26317, CSCdz29003, CSCdz29033, and CSCdz29041. Versions running Cisco IOS 12.2T train or any 12.2 \\\u0027\\\u0027X\\\u0027\\\u0027 train will reset due to incorrect handling of SIP protocols containing illegal headers. 
These vulnerabilities are documented in Cisco Bug IDs CSCdz39284 and CSCdz41124. Devices running an IOS version with this vulnerability and configured as a SIP gateway will cause the vulnerability generated by CSCdz39284. However, any version of IOS running with this vulnerability and configured in NAT mode will cause the vulnerability described by CSCdz41124 when SIP uses UDP for transmission. The Cisco PIX firewall resets when it receives a fragmented SIP INVITE message. Since the current SIP patch does not support fragmented SIP messages, the vulnerability described by Cisco Bug ID CSCdx47789 is temporarily patched by dropping SIP fragments. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the\nSession Initiation Protocol (SIP)\n\n Original release date: February 21, 2003\n Last revised: --\n Source: CERT/CC\n\n A complete revision history can be found at the end of this file. \n Other systems making use of SIP may also be vulnerable but were not\n specifically tested. Not all SIP implementations are affected. See\n Vendor Information for details from vendors who have provided feedback\n for this advisory. \n\n In addition to the vendors who provided feedback for this advisory, a\n list of vendors whom CERT/CC contacted regarding these problems is\n available from VU#528719. These\n vulnerabilities may allow an attacker to gain unauthorized privileged\n access, cause denial-of-service attacks, or cause unstable system\n behavior. If your site uses SIP-enabled products in any capacity, the\n CERT/CC encourages you to read this advisory and follow the advice\n provided in the Solution section below. \n\nI. \n SIP is a text-based protocol for initiating communication and data\n sessions between users. 
\n\n The Oulu University Secure Programming Group (OUSPG) previously\n conducted research into vulnerabilities in LDAP, culminating in CERT\n Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03. \n\n OUSPG\u0027s most recent research focused on a subset of SIP related to the\n INVITE message, which SIP agents and proxies are required to accept in\n order to set up sessions. Note that \"throttling\" is an expected\n behavior. Impact\n\n Exploitation of these vulnerabilities may result in denial-of-service\n conditions, service interruptions, and in some cases may allow an\n attacker to gain unauthorized access to the affected device. Specific\n impacts will vary from product to product. \n\nIII. Solution\n\n Many of the mitigation steps recommended below may have significant\n impact on your everyday network operations and/or network\n architecture. Ensure that any changes made based on the following\n recommendations will not unacceptably affect your ongoing network\n operations capability. \n\n Apply a patch from your vendor\n\n Appendix A contains information provided by vendors for this\n advisory. Please consult this appendix and VU#528719 to determine\n if your product is vulnerable. If a statement is unavailable, you\n may need to contact your vendor directly. \n\n Disable the SIP-enabled devices and services\n\n As a general rule, the CERT/CC recommends disabling any service or\n capability that is not explicitly required. Some of the affected\n products may rely on SIP to be functional. You should carefully\n consider the impact of blocking services that you may be using. \n\n Ingress filtering\n\n As a temporary measure, it may be possible to limit the scope of\n these vulnerabilities by blocking access to SIP devices and\n services at the network perimeter. \n\n Ingress filtering manages the flow of traffic as it enters a\n network under your administrative control. 
Servers are typically\n the only machines that need to accept inbound traffic from the\n public Internet. Note that most SIP User Agents (including IP\n phones or \"clien\"t software) consist of a User Agent Client and a\n User Agent Server. In the network usage policy of many sites, there\n are few reasons for external hosts to initiate inbound traffic to\n machines that provide no public services. Thus, ingress filtering\n should be performed at the border to prohibit externally initiated\n inbound traffic to non-authorized services. \n\n Please note that this workaround may not protect vulnerable devices\n from internal attacks. \n\n Egress filtering\n\n Egress filtering manages the flow of traffic as it leaves a network\n under your administrative control. There is typically limited need\n for machines providing public services to initiate outbound traffic\n to the Internet. In the case of the SIP vulnerabilities, employing\n egress filtering on the ports listed above at your network border\n may prevent your network from being used as a source for attacks on\n other sites. \n\n Block SIP requests directed to broadcast addresses at your router. \n\n Since SIP requests can be transmitted via UDP, broadcast attacks\n are possible. One solution to prevent your site from being used as\n an intermediary in an attack is to block SIP requests directed to\n broadcast addresses at your router. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. As vendors report new information to the CERT/CC, we will\n update this section and note the changes in our revision history. If a\n particular vendor is not listed below, we have not received their\n comments. \n\n America Online Inc\n\n Not vulnerable. \n\n Apple Computer Inc. \n\n There are currently no applications shipped by Apple with Mac OS X\n or Mac OS X Server which make use of the Session Initiation\n Protocol. 
\n\n Borderware\n\n No BorderWare products make use of SIP and thus no BorderWare\n products are affected by this vulnerability. \n We would however like to extend our thanks to the OUSPG for their\n work as well as for the responsible manner in which they handle\n their discoveries. Their detailed reports and test suites are\n certainly well-received. \n We would also like to reiterate the fact that SIP has yet to\n mature, protocol-wise as well as implementation-wise. We do not\n recommend that our customers set up SIP relays in parallel to our\n firewall products to pass SIP-based applications in or out of\n networks where security is a concern of note. \n\n F5 Networks\n\n F5 Networks does not have a SIP server product, and is therefore\n not affected by this vulnerability. \n\n Fujitsu\n\n With regards to VU#528719, Fujitsu\u0027s UXP/V o.s. is not vulnerable\n because the relevant function is not supported under UXP/V. \n\n IBM\n\n SIP is not implemented as part of the AIX operating system. \n\n IP Filter\n\n IPFilter does not do any SIP specific protocol handling and is\n therefore not affected by the issues mentioned in the paper cited. \n\n IPTel\n\n All versions of SIP Express Router up to 0.8.9 are sadly vulnerable\n to the OUSPG test suite. We strongly advice to upgrade to version\n 0.8.10. Please also apply the patch to version 0.8.10 from\n http://www.iptel.org/ser/security/\n before installation and keep on watching this site in the future. \n We apologize to our users for the trouble. 
\n\n Hewlett-Packard Company\n\n Source:\n Hewlett-Packard Company\n Software Security Response Team\n cross reference id: SSRT2402\n\n HP-UX - not vulnerable\n HP-MPE/ix - not vulnerable\n HP Tru64 UNIX - not vulnerable\n HP OpenVMS - not vulnerable\n HP NonStop Servers - not vulnerable\n\n To report potential security vulnerabilities in HP software, send\n an E-mail message to: mailto:security-alert@hp.com\n\n Lucent\n\n No Lucent products are known to be affected by this vulnerability,\n however we are still researching the issue and will update this\n statement as needed. \n\n Microsoft Corporation\n\n Microsoft has investigated these issues. The Microsoft SIP client\n implementation is not affected. \n\n NEC Corporation\n\n ===================================================================\n NEC vendor statement for VU#528719\n ===================================================================\n\n sent on February 13, 2002\n Server Products\n * EWS/UP 48 Series operating system\n * - is NOT vulnerable, because it does not support SIP. \n\n Router Products\n * IX 1000 / 2000 / 5000 Series\n * - is NOT vulnerable, because it does not support SIP. \n\n Other Network products\n * We continue to check our products which support SIP protocol. \n\n ===================================================================\n\n NETBSD\n\n NetBSD does not ship any implementation of SIP. \n\n NETfilter.org\n\n As the linux 2.4/2.5 netfilter implementation currently doesn\u0027t\n support connection tracking or NAT for the SIP protocol suite, we\n are not vulnerable to this bug. \n\n NetScreen\n\n NetScreen is not vulnerable to this issue. \n\n Network Appliance\n\n NetApp products are not affected by this vulnerability. \n\n Nokia\n\n Nokia IP Security Platforms based on IPSO, Nokis Small Office\n Solution platforms, Nokia VPN products and Nokia Message Protector\n platform do not initiate or terminate SIP based sessions. 
The\n mentioned Nokia products are not susceptible to this vulnerability\n\n Nortel Networks\n\n Nortel Networks is cooperating to the fullest extent with the CERT\n Coordination Center. All Nortel Networks products that use Session\n Initiation Protocol SIP) have been tested and all generally\n available products, with the following exceptions, have passed the\n test suite:\n\n Succession Communication Server 2000 and Succession Communication\n Server 2000 - Compact are impacted by the test suite only in\n configurations where SIP-T has been provisioned within the\n Communication Server; a software patch is expected to be available\n by the end of February. \n\n For further information about Nortel Networks products please\n contact Nortel Networks Global Network Support. \n\n North America: 1-800-4-NORTEL, or (1-800-466-7835)\n Europe, Middle East \u0026 Africa: 00800 8008 9009, or +44 (0) 870 907\n 9009\n\n Contacts for other regions available at the Global Contact\n \u003chttp://www.nortelnetworks.com/help/contact/global/\u003e web page. \n\n Novell\n\n Novell has no products implementing SIP. \n\n Secure Computing Corporation\n\n Neither Sidewinder nor Gauntlet implements SIP, so we do not need\n to be on the vendor list for this vulnerability. \n\n SecureWorx\n\n We hereby attest that SecureWorx Basilisk Gateway Security product\n suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the\n Session Initiation Protocol (SIP) Vulnerability VU#528719 as\n described in the OUSPG announcement (OUSPG#0106) received on Fri, 8\n Nov 2002 10:17:11 -0500. \n\n Stonesoft\n\n Stonesoft\u0027s StoneGate high availability firewall and VPN product\n does not contain any code that handles SIP protocol. No versions of\n StoneGate are vulnerable. \n\n Symantec\n\n Symantec Corporation products are not vulnerable to this issue. \n\n Xerox\n\n Xerox is aware of this vulnerability and is currently assessing all\n products. 
This statement will be updated as new information becomes\n available. \n\nAppendix B. - References\n\n 1. http://www.ee.oulu.fi/research/ouspg/protos/\n 2. http://www.kb.cert.org/vuls/id/528719\n 3. http://www.cert.org/tech_tips/denial_of_service.html\n 4. http://www.ietf.org/html.charters/sip-charter.html\n 5. RFC3261 - SIP: Session Initiation Protocol\n 6. RFC2327 - SDP: Session Description Protocol\n 7. RFC2279 - UTF-8, a transformation format of ISO 10646\n 8. Session Initiation Protocol Basic Call Flow Examples \n 9. We would also like to acknowledge the\n \"RedSkins\" project of \"MediaTeam Oulu\" for their support of this\n research. \n _________________________________________________________________\n\n Feedback on this document can be directed to the authors, \n Jason A. Rafail and Ian A. Finlay. \n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2003-06.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. 
\n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2003 Carnegie Mellon University. \n\n Revision History\n Feb 21, 2003: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG\nIXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ\n17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O\nEisa8/wivlM=\n=p961\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1113"
},
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "VULHUB",
"id": "VHN-7938"
},
{
"db": "PACKETSTORM",
"id": "30838"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719",
"trust": 2.9
},
{
"db": "BID",
"id": "6904",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2003-1113",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200312-211",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "CA-2003-06",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "4442",
"trust": 0.6
},
{
"db": "XF",
"id": "11379",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-7938",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "30838",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7938"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1113"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-211"
}
]
},
"id": "VAR-200312-0088",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7938"
}
],
"trust": 0.47675563
},
"last_update_date": "2023-12-18T12:13:48.868000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1113"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/"
},
{
"trust": 2.1,
"url": "http://www.cert.org/advisories/ca-2003-06.html"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/528719"
},
{
"trust": 1.8,
"url": "http://www.iptel.org/ser/security/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6904"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/html.charters/sip-charter.html"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/rfc/rfc3261.txt"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/ "
},
{
"trust": 0.8,
"url": "http://www.mediateam.oulu.fi/projects/redskins/?lang=en"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-sipping-torture-tests-07.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc3665.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2327.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2279.txt"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11379"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/4442"
},
{
"trust": 0.3,
"url": "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php"
},
{
"trust": 0.3,
"url": "http://www.fsf.org/software/osip/osip.html"
},
{
"trust": 0.3,
"url": "http://www.partysip.org/"
},
{
"trust": 0.3,
"url": "http://www.iptel.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=16123"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/denial_of_service.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/\u003e"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7938"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1113"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-211"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "VULHUB",
"id": "VHN-7938"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "NVD",
"id": "CVE-2003-1113"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-211"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-02-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2003-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-7938"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2003-02-21T17:04:53",
"db": "PACKETSTORM",
"id": "30838"
},
{
"date": "2003-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-1113"
},
{
"date": "2003-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-211"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-7938"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2017-07-11T01:29:45.213000",
"db": "NVD",
"id": "CVE-2003-1113"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-211"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-211"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "6904"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-211"
}
],
"trust": 0.9
}
}
VAR-201111-0161
Vulnerability from variot - Updated: 2023-12-18 12:09

The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Multiple Universal Plug and Play (UPnP)-compatible routers have vulnerabilities caused by insufficient access restrictions. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. UPnP requests accepted on the WAN interface can be used to connect to internal hosts or to proxy connections through the NAT firewall. Remote unauthenticated attackers can exploit these vulnerabilities to scan internal hosts or to proxy Internet traffic through the device.

The following devices are affected:
- Cisco Linksys WRT54G firmware version prior to 4.30.5
- Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1
- Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1
- Cisco Linksys WRT54GX firmware 2.00.05
- Edimax BR-6104K prior to 3.25
- Edimax 6114Wg
- Canyon-Tech CN-WF512 firmware version 1.83
- Canyon-Tech CN-WF514 firmware version 2.08
- Sitecom WL-153 prior to firmware 1.39
- Sitecom WL-111
- Sweex LB000021 firmware version 3.15
- ZyXEL P-330W
- SpeedTouch 5x6 firmware versions prior to 6.2.29
- Thomson TG585 firmware versions prior to 7.4.3.2

SpeedTouch is a wireless Internet router for the home. This vulnerability is related to the "external forwarding" vulnerability.
----------------------------------------------------------------------
TITLE: Siemens OZW / OZS Multiple Products libupnp Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA52035
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
RELEASE DATE: 2013-01-31
DISCUSS ADVISORY: http://secunia.com/advisories/52035/#comments
DESCRIPTION: Multiple vulnerabilities have been reported in multiple Siemens OZW and OZS products, which can be exploited by malicious people to compromise a vulnerable device.
1) Multiple vulnerabilities are caused due to a bundled version of libupnp.
For more information: SA51949
2) Multiple boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests can be exploited to cause stack-based buffer overflows. The vendor is planning to provide fixes with upcoming firmware updates.
PROVIDED AND/OR DISCOVERED BY: 2) Rapid7
ORIGINAL ADVISORY: Siemens SSA-963338: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf
Rapid7: https://community.rapid7.com/docs/DOC-2150 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
The Portable SDK for UPnP Devices (libupnp) library is used in several vendor network devices in addition to media streaming and file sharing applications. These vulnerabilities were disclosed on January 29th, 2013 in a CERT Vulnerability Note, VU#922681, which can be viewed at:
http://www.kb.cert.org/vuls/id/922681
Cisco is currently evaluating products for possible exposure to these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+ ga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5 =6sTu -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0161",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "speedtouch 5x6 router",
"scope": "lte",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.2"
},
{
"model": "speedtouch 5x6 router",
"scope": "eq",
"trust": 1.0,
"vendor": "alcatel",
"version": "*"
},
{
"model": "br-6104k",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "6114wg",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "cn-wf514",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "2.08"
},
{
"model": "cn-wf512",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "1.83"
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.9,
"vendor": "thomson",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.9,
"vendor": "speedtouch",
"version": "5x60"
},
{
"model": "wl-153",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": "wl-111",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "canyon tech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "edimax computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys a division of cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sitecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sweex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "axis",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sony",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipitomy",
"version": null
},
{
"model": "speedtouch 5x6 router",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "speedtouch 5x6 router",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.2.29"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wrt54g beta/2.0",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": "4.04.20.6/4.04.0.7/3.03.3.6/3.03.1.3/2.02.4.4/2.02.02.82.00.8"
},
{
"model": "speedtouch 5x6 router",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6.2"
},
{
"model": "p-330w",
"scope": "eq",
"trust": 0.3,
"vendor": "zyxel",
"version": "0"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.20.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.1.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.4.4"
},
{
"model": "wrt54g beta",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "tg585 router",
"scope": "ne",
"trust": 0.3,
"vendor": "thomson",
"version": "7.4.3.2"
},
{
"model": null,
"scope": "ne",
"trust": 0.3,
"vendor": "speedtouch",
"version": "5x66.2.29"
},
{
"model": "wl-153",
"scope": "ne",
"trust": 0.3,
"vendor": "sitcom",
"version": "1.39"
},
{
"model": "wrt54g",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.01.0.6"
},
{
"model": "br-6104k",
"scope": "ne",
"trust": 0.3,
"vendor": "edimax",
"version": "3.25"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:alcatel:speedtouch_5x6_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alcatel:speedtouch_5x6_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4505"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Garcia",
"sources": [
{
"db": "BID",
"id": "50810"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4505",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.4,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "VU#357851",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4505",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-52450",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4505",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#357851",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-367",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-52450",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "VULHUB",
"id": "VHN-52450"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Universal Plug and Play (UPnP) Multiple compatible routers have vulnerabilities with insufficient access restrictions. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to the internal host or proxy connection of the NAT firewall. Remote unauthenticated attackers can exploit vulnerabilities to scan internal hosts or communicate via the device proxy Internet. \nThe following devices are affected:\nCisco Linksys WRT54G firmware version prior to 4.30.5\nCisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1\nCisco Linksys WRT54GS v4 firmware versions prior to 1.06.1\nCisco Linksys WRT54GX firmware 2.00.05\nEdimax BR-6104K prior to 3.25\nEdimax 6114Wg\nCanyon-Tech CN-WF512 firmware version 1.83\nCanyon-Tech CN-WF514 firmware version 2.08\nSitecom WL-153 prior to firmware 1.39\nSitecom WL-111\nSweex LB000021 firmware version 3.15\nZyXEL P-330W\nSpeedTouch 5x6 firmware versions prior to 6.2.29\nThomson TG585 firmware versions prior to 7.4.3.2. Speedtouch is a wireless Internet router for the home. This vulnerability is related to the \\\"external forwarding\\\" vulnerability. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. 
\nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens OZW / OZS Multiple Products libupnp Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA52035\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52035/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nRELEASE DATE:\n2013-01-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52035/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52035/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in multiple Siemens OZW\nand OZS products, which can be exploited by malicious people to\ncompromise a vulnerable device. \n\n1) Multiple vulnerabilities are caused due to a bundled version of\nlibupnp. \n\nFor more information:\nSA51949\n\n2) Multiple boundary errors within the \"unique_service_name()\"\nfunction (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests\ncan be exploited to cause stack-based buffer overflows. The vendor is planning\nto provide fixes with upcoming firmware updates. 
\n\nPROVIDED AND/OR DISCOVERED BY:\n2) Rapid7\n\nORIGINAL ADVISORY:\nSiemens SSA-963338:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf\n\nRapid7:\nhttps://community.rapid7.com/docs/DOC-2150\nhttps://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
This library is used in several vendor network\ndevices in addition to media streaming and file sharing applications. \nThese vulnerabilities were disclosed on January 29th, 2013 in a CERT\nVulnerability Note, VU#922681, which can be viewed at:\n\nhttp://www.kb.cert.org/vuls/id/922681\n\nCisco is currently evaluating products for possible exposure to these\nvulnerabilities. This advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+\nga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5\n=6sTu\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "VULHUB",
"id": "VHN-52450"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
}
],
"trust": 4.86
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851",
"trust": 5.8
},
{
"db": "NVD",
"id": "CVE-2011-4505",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-963338",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#922681",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-367",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2011-5063",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "18224",
"trust": 0.6
},
{
"db": "BID",
"id": "50810",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "52035",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52450",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119949",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119896",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "VULHUB",
"id": "VHN-52450"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"id": "VAR-201111-0161",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "VULHUB",
"id": "VHN-52450"
}
],
"trust": 1.4788191
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5063"
}
]
},
"last_update_date": "2023-12-18T12:09:29.730000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.alcatel-lucent.com"
},
{
"title": "Patch for Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability (CNVD-2011-5063)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6021"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52450"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "NVD",
"id": "CVE-2011-4505"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.4,
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"trust": 2.5,
"url": "http://toor.do/defcon-19-garcia-upnp-mapping-wp.pdf"
},
{
"trust": 1.6,
"url": "http://homekb.cisco.com/cisco2/ukp.aspx?vw=1\u0026articleid=28341"
},
{
"trust": 1.6,
"url": "http://jvn.jp/cert/jvnvu357851"
},
{
"trust": 1.1,
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/docs/doc-2150"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf"
},
{
"trust": 0.8,
"url": "http://toor.do/upnp.html"
},
{
"trust": 0.8,
"url": "http://www.h-online.com/security/news/item/upnp-enabled-routers-allow-attacks-on-lans-1329727.html"
},
{
"trust": 0.8,
"url": "http://pupnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "https://community.rapid7.com/servlet/jiveservlet/download/2150-1-16596/securityflawsupnp.pdf"
},
{
"trust": 0.8,
"url": "http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp"
},
{
"trust": 0.8,
"url": "http://opentools.homeip.net/dev-tools-for-upnp"
},
{
"trust": 0.8,
"url": "http://upnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "http://www.dlink.com/us/en/technology/upnp"
},
{
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv13-003.html"
},
{
"trust": 0.8,
"url": "http://www.ipitomy.com/index.php/mi-security-notice-ip001"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4505"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4505"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/357851http"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18224"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130129-upnp"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/922681"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "VULHUB",
"id": "VHN-52450"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "VULHUB",
"id": "VHN-52450"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-05T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2013-01-29T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"date": "2011-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-52450"
},
{
"date": "2011-11-24T00:00:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2013-01-31T07:26:31",
"db": "PACKETSTORM",
"id": "119949"
},
{
"date": "2013-01-30T02:46:44",
"db": "PACKETSTORM",
"id": "119896"
},
{
"date": "2011-11-22T11:55:06.090000",
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-30T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2014-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"date": "2012-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-52450"
},
{
"date": "2015-03-19T08:33:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2012-03-08T05:00:00",
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UPnP requests accepted over router WAN interfaces",
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
],
"trust": 0.6
}
}
VAR-200710-0018
Vulnerability from variot - Updated: 2023-12-18 11:39
The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka "double-slash auth bypass." NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues. BT Home Hub and Speedtouch 7G are both home wireless Internet routers.
Multiple security vulnerabilities exist in BT Home Hub and SpeedTouch 7G routers, allowing malicious users to perform cross-site scripting, cross-site request forgery, and script injection attacks, or to bypass certain security restrictions.
1) Input validation errors when processing URLs may allow attackers to access and change password-protected resources, such as configuration and settings pages, through specially crafted URLs containing two slashes.
2) Failure to perform proper filtering before recording the login user name may allow the injection of arbitrary HTML and script code. If the user browses the log, it will be executed in the user's browser session.
3) As the input to the name parameter is not properly filtered, arbitrary HTML and script code may be executed in the user's browser session.
4) Failure to properly filter the input of url parameters in the cgi / b / ic / connect / file may result in the execution of arbitrary HTML and script code in the user's browser session.
5) The device does not perform validity checks on user requests, allowing users to perform certain operations through HTTP requests. If the logged-in administrator visits a malicious site, this may cause the administrator password to be changed.
6) Users can directly access certain pages, such as the Wireless Security page, through the URL without authentication.
7) The administrative user can save the backup or load the configuration file through the URL, and these files should only be accessed by the tech account. Successful exploits of many of these issues will allow an attacker to completely compromise the affected device. NOTE: '/' (slash) vectors are covered by CVE-2007-5383
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200710-0018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "home hub",
"scope": "lte",
"trust": 1.8,
"vendor": "bt",
"version": "6.2.6.b"
},
{
"model": "speedtouch 7g router",
"scope": "eq",
"trust": 1.0,
"vendor": "alcatel",
"version": "*"
},
{
"model": "speedtouch 7g router",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "speedtouch 7g router",
"scope": null,
"trust": 0.6,
"vendor": "alcatel",
"version": null
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.3,
"vendor": "thomson",
"version": "0"
},
{
"model": "home hub .b",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "6.2.6"
},
{
"model": "home hub",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "6.2.2.6"
},
{
"model": "home hub",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "0"
},
{
"model": "speedtouch 7g",
"scope": null,
"trust": 0.3,
"vendor": "alcatel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-5927"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "NVD",
"id": "CVE-2007-5383"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alcatel:speedtouch_7g_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:bt:home_hub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.6.b",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5383"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adrian Pastor\u203b m123303@richmond.ac.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
}
],
"trust": 0.6
},
"cve": "CVE-2007-5383",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-5383",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-28745",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-5383",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200710-197",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-28745",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28745"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "NVD",
"id": "CVE-2007-5383"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues. BT Home Hub and Speedtouch 7G are both home wireless Internet routers. \n\n\u00a0Multiple security vulnerabilities exist in BT Home Hub and SpeedTouch 7G routers, allowing malicious users to perform cross-site footsteps, cross-site request spoofing, script injection attacks, or bypass certain security restrictions. \n\n\u00a01) Input validation errors when processing URLs may allow attackers to access and change password-protected resources, such as configuration and settings pages, through specially crafted URLs containing two slashes. \n\n\u00a02) Failure to perform proper filtering before recording the login user name may allow the injection of arbitrary HTML and script code. If the user browses the log, it will be executed in the user\u0027s browser session. \n\n\u00a03) As the input to the name parameter is not properly filtered, arbitrary HTML and script code may be executed in the user\u0027s browser session. \n\n\u00a04) Failure to properly filter the input of url parameters in the cgi / b / ic / connect / file may result in the execution of arbitrary HTML and script code in the user\u0027s browser session. \n\n\u00a05) The device does not perform validity checks on user requests, allowing users to perform certain operations through HTTP requests. If the logged-in administrator visits a malicious site, this may cause the administrator password to be changed. 
\n\n\u00a06) Users can directly access certain pages, such as the Wireless Security page, through the URL without authentication. \n\n\u00a07) The administrative user can save the backup or load the configuration file through the URL, and these files should only be accessed by the tech account. \nSuccessful exploits of many of these issues will allow an attacker to completely compromise the affected device. NOTE: \u0027/\u0027 (slash) vectors are covered by CVE-2007-5383",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5383"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "CNVD",
"id": "CNVD-2007-5927"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "VULHUB",
"id": "VHN-28745"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-5383",
"trust": 3.4
},
{
"db": "BID",
"id": "25972",
"trust": 2.0
},
{
"db": "SREASON",
"id": "3213",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2007-5927",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20071008 BT HOME FLUB: PWNIN THE BT HOME HUB",
"trust": 0.6
},
{
"db": "XF",
"id": "41271",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200710-197",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-28745",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-5927"
},
{
"db": "VULHUB",
"id": "VHN-28745"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "NVD",
"id": "CVE-2007-5383"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
}
]
},
"id": "VAR-200710-0018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-28745"
}
],
"trust": 0.975
},
"last_update_date": "2023-12-18T11:39:48.732000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.alcatel-lucent.com/alcatel/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.bt.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28745"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "NVD",
"id": "CVE-2007-5383"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"trust": 2.0,
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25972"
},
{
"trust": 1.7,
"url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"
},
{
"trust": 1.7,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3213"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5383"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5383"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41271"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/481835/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.homehub.bt.com/"
},
{
"trust": 0.3,
"url": "http://www.gnucitizen.org/blog/call-jacking"
},
{
"trust": 0.3,
"url": "http://www.thomson.net/en/home/minisites/bap/telecom/subcategory.html?category=dsl%20modems"
},
{
"trust": 0.3,
"url": "/archive/1/481835"
},
{
"trust": 0.3,
"url": "/archive/1/486081"
},
{
"trust": 0.3,
"url": "/archive/1/517314"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28745"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "NVD",
"id": "CVE-2007-5383"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-5927"
},
{
"db": "VULHUB",
"id": "VHN-28745"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "NVD",
"id": "CVE-2007-5383"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-10-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-5927"
},
{
"date": "2007-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-28745"
},
{
"date": "2007-10-08T00:00:00",
"db": "BID",
"id": "25972"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"date": "2007-10-12T01:17:00",
"db": "NVD",
"id": "CVE-2007-5383"
},
{
"date": "2007-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-197"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-10-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-5927"
},
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-28745"
},
{
"date": "2011-04-04T20:05:00",
"db": "BID",
"id": "25972"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"date": "2018-10-15T21:44:13.623000",
"db": "NVD",
"id": "CVE-2007-5383"
},
{
"date": "2007-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-197"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BT Home Hub Used in Thomson/Alcatel SpeedTouch 7G Vulnerability to gain administrator access on router",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
}
],
"trust": 0.6
}
}
VAR-200208-0244
Vulnerability from variot - Updated: 2023-12-18 11:36
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. The DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10 contains buffer overflows in code that handles responses for network name and address requests. Other resolver libraries derived from BIND 4 such as BSD libc, GNU glibc, and those used by System V UNIX systems may also be affected. An attacker could execute arbitrary code with the privileges of the application that made the request or cause a denial of service. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9. Based on recent reports, we believe this vulnerability is being actively exploited. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the server. In OpenSSL servers, a buffer overflow vulnerability exists in the handshake processing of SSL version 2.0 (hereafter SSLv2). The issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. ***UPDATE: A worm that likely exploits this vulnerability has been discovered propagating in the wild. Additionally, this code includes peer-to-peer and distributed denial-of-service capabilities. There have been numerous reports of intrusions in Europe. It is not yet confirmed whether this vulnerability is in OpenSSL, mod_ssl, or another component. Administrators are advised to upgrade to the most recent versions or to disable Apache, if possible, until more information is available. OpenSSL is prone to a buffer-overflow vulnerability involving overly long SSLv3 session IDs.
It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Summary CS-2002-04
November 26, 2002
Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT Summary to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information. The summary includes pointers to sources of information for dealing with the problems.
Past CERT summaries are available from:
CERT Summaries
http://www.cert.org/summaries/
Recent Activity
Since the last regularly scheduled CERT summary, issued in August 2002 (CS-2002-03), we have seen trojan horses for three popular distributions, new self-propagating malicious code (Apache/mod_ssl), and multiple vulnerabilities in BIND. In addition, we have issued a new PGP Key.
For more current information on activity being reported to the CERT/CC, please visit the CERT/CC Current Activity page. The Current Activity page is a regularly updated summary of the most frequent, high-impact types of security incidents and vulnerabilities being reported to the CERT/CC. The information on the Current Activity page is reviewed and updated as reporting trends change.
CERT/CC Current Activity
http://www.cert.org/current/current_activity.html
1. Reports received by the CERT/CC indicate
that the Apache/mod_ssl worm has already infected thousands of
systems. Over a month earlier, the CERT/CC issued an advisory
(CA-2002-23) describing four remotely exploitable buffer overflows
in OpenSSL.
2. Trojan Horse Sendmail Distribution
The CERT/CC has received confirmation that some copies of the
source code for the Sendmail package have been modified by an
intruder to contain a Trojan horse. These copies began to appear
in downloads from the FTP server ftp.sendmail.org on or around
September 28, 2002. On October 8, 2002, the CERT/CC issued an
advisory (CA-2002-28) describing various methods to verify
software authenticity.
CERT Advisory CA-2002-28
Trojan Horse Sendmail Distribution
http://www.cert.org/advisories/CA-2002-28.html
3. Trojan Horse tcpdump and libpcap Distributions
The CERT/CC has received reports that some copies of the source
code for libpcap, a packet acquisition library, and tcpdump, a
network sniffer, have been modified by an intruder and contain a
Trojan horse. These modified distributions began to appear in
downloads from the HTTP server www.tcpdump.org on or around Nov
11, 2002. The CERT/CC issued an advisory (CA-2002-30) listing MD5
checksums and official distribution sites for libpcap and tcpdump.
CERT Advisory CA-2002-30
Trojan Horse tcpdump and libpcap Distributions
http://www.cert.org/advisories/CA-2002-30.html
4. Multiple Vulnerabilities in BIND
The CERT/CC has documented multiple vulnerabilities in BIND, the
popular domain name server and client library software package
from the Internet Software Consortium (ISC). Several vulnerabilities are referenced in the advisory;
they are listed here individually.
CERT Advisory CA-2002-31
Multiple Vulnerabilities in BIND
http://www.cert.org/advisories/CA-2002-31.html
Vulnerability Note #852283
Cached malformed SIG record buffer overflow
http://www.kb.cert.org/vuls/id/852283
Vulnerability Note #229595
Overly large OPT record assertion
http://www.kb.cert.org/vuls/id/229595
Vulnerability Note #581682
ISC Bind 8 fails to properly dereference cache SIG RR
elements with invalid expiry times from the internal database
http://www.kb.cert.org/vuls/id/581682
Vulnerability Note #844360
Domain Name System (DNS) stub resolver libraries
vulnerable to buffer overflows via network name or
address lookups
http://www.kb.cert.org/vuls/id/844360
5. Heap Overflow Vulnerability in Microsoft Data Access Components
(MDAC)
On November 21, 2002 the CERT/CC issued an advisory (CA-2002-33)
describing a vulnerability in MDAC, a collection of Microsoft
utilities and routines that process requests between databases and
network applications.
CERT Advisory CA-2002-33
Heap Overflow Vulnerability in Microsoft Data Access
Components (MDAC)
http://www.cert.org/advisories/CA-2002-33.html
New CERT/CC PGP Key
On September 19, the CERT/CC issued a new PGP key, which should be used when sending sensitive information to the CERT/CC.
CERT/CC PGP Public Key
https://www.cert.org/pgp/cert_pgp_key.asc
Sending Sensitive Information To The CERT/CC
http://www.cert.org/contact_cert/encryptmail.html
What's New and Updated
Since the last CERT Summary, we have published new and updated * Advisories http://www.cert.org/advisories/ * Congressional Testimony http://www.cert.org/congressional_testimony/ * CERT/CC Statistics http://www.cert.org/stats/cert_stats.html * Home User Security http://www.cert.org/homeusers/HomeComputerSecurity * Tech Tips http://www.cert.org/tech_tips/ * Training Schedule http://www.cert.org/training/
This document is available from: http://www.cert.org/summaries/CS-2002-04.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright ©2002 Carnegie Mellon University.
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPePMQWjtSoHZUTs5AQGdxwP9HK4mSF15bMQ9MZ4mMFcLIhvdXykANg8A 6nEIAyB8CJpbuWdP7sPh3qAwaZ9BhRFEGeLakONOpoo7bmjkwAWrJHxF3b1CrgHS ZuKQsgEhnm9wpPdU6w6SG1cJBkwz70b8d7YK0vcVuKhmaW0JOx9OLGKsAe3SFePD OiZbNHX+eb8= =Mnbn -----END PGP SIGNATURE----- . OpenSSL Security Advisory [30 July 2002]
This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory.
Advisory 1
A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS.
-
The client master key in SSL2 could be oversized and overrun a buffer. Exploit code is NOT available at this time.
-
This issue only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.
-
Various buffers for ASCII representations of integers were too small on 64 bit platforms.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue 3, and CAN-2002-0655 to issue 4.
In addition various potential buffer overflows not known to be exploitable have had assertions added to defend against them.
Who is affected?
Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable.
SSLeay is probably also affected.
Recommendations
Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS.
A patch for 0.9.7 is available from the OpenSSL website (https://www.openssl.org/).
Servers can disable SSL2, alternatively disable all applications using SSL or TLS until the patches are applied. Users of 0.9.7 pre-release versions with Kerberos enabled will also have to disable Kerberos.
Clients should be disabled altogether until the patches are applied.
Known Exploits
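There are no known exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is possible, but have not released the exploit code. (This statement reflects the 30 July 2002 advisory date; the entry description above reports a worm, likely exploiting this vulnerability, later propagating in the wild.)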
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657
Acknowledgements
The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.
The patch and advisory were prepared by Ben Laurie.
Advisory 2
Vulnerabilities
The ASN1 parser can be confused by supplying it with certain invalid encodings.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0659 to this issue.
Who is affected?
Any OpenSSL program which uses the ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.
Recommendations
Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL.
Users of 0.9.7 pre-release versions should apply the patch or upgrade to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
Acknowledgements
This vulnerability was discovered by Adi Stav stav@mercury.co.il and James Yonan jim@ntlp.com independently. The patch is partly based on a version by Adi Stav.
The patch and advisory were prepared by Dr. Stephen Henson.
Combined patches for OpenSSL 0.9.6d: https://www.openssl.org/news/patch_20020730_0_9_6d.txt
Combined patches for OpenSSL 0.9.7 beta 2: https://www.openssl.org/news/patch_20020730_0_9_7.txt
URL for this Security Advisory: https://www.openssl.org/news/secadv_20020730.txt
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200208-0244",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 3.2,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "trustix",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.7,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.7,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.0.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.0.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.5"
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openldap",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "oracle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "secure computing",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "isc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openwall gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "nortel",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.2b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.3"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.4"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.5a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "*"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "1.0.2.1s"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.1.1"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.1,
"vendor": "apple",
"version": "10.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnu glibc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "metasolv",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the sco group",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xerox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "engarde",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "covalent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "application server",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2.0.0"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9ias"
},
{
"model": "database",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7.1"
},
{
"model": "database",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "cobalt raq3",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "internet express eak",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.2"
},
{
"model": "linux affinity toolkit",
"scope": null,
"trust": 0.6,
"vendor": "ibm",
"version": null
},
{
"model": "oracle9i application server .1s",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "linux rc3",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "0.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "openssl for openvms alpha",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.0"
},
{
"model": "project openssl beta3",
"scope": "ne",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "linux rc1",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "webproxy",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2.0"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.6,
"vendor": "hp",
"version": "5.9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.6,
"vendor": "covalent",
"version": "2.2"
},
{
"model": "netmail b",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.6,
"vendor": "covalent",
"version": "2.1"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "netmail e",
"scope": "ne",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "virtualvault",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "4.6"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "5.8.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.4"
},
{
"model": "netmail a",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "project openssl g",
"scope": "ne",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.6,
"vendor": "hp",
"version": "5.8.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "3.1.1"
},
{
"model": "webproxy",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.0"
},
{
"model": "netmail c",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "project openssl e",
"scope": "ne",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "fast start server",
"scope": "eq",
"trust": 0.6,
"vendor": "covalent",
"version": "3.1"
},
{
"model": "tru64 unix internet express",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "5.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0.3"
},
{
"model": "tcp/ip services for openvms",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "5.3"
},
{
"model": "openssl for openvms alpha -a",
"scope": "ne",
"trust": 0.6,
"vendor": "hp",
"version": "1.0"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.2"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.3"
},
{
"model": "oracle9i application server",
"scope": null,
"trust": 0.6,
"vendor": "oracle",
"version": null
},
{
"model": "virtualvault",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "4.5"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.6,
"vendor": "hp",
"version": "5.9.2"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.1"
},
{
"model": "netmail d",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.1-1"
},
{
"model": "linux a",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.1"
},
{
"model": "secure os software for linux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.0"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.2"
},
{
"model": "linux rc2",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "mgetty-sendfax-1.1.14-8.i386.rpm",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "2.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "0.5"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.19"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.35"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.39"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.32"
},
{
"model": "-dev",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.7"
},
{
"model": "bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0.1"
},
{
"model": "-beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.32"
},
{
"model": "bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.22"
},
{
"model": "ssl-r6",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.18"
},
{
"model": "bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.9"
},
{
"model": "safeword premieraccess",
"scope": "eq",
"trust": 0.3,
"vendor": "securecomputing",
"version": "3.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.4"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.16"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.6"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.13"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.5"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.20"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.26"
},
{
"model": "bsafe ssl-c me",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": null
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.25"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.37"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.14"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.2"
},
{
"model": "bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.11"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.4"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0"
},
{
"model": "bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.12"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "ssl-r",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.18"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.38"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.15"
},
{
"model": "ssl-rx",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.18"
},
{
"model": "mac",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.14"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.24"
},
{
"model": "beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.3"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.40"
},
{
"model": "bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.3"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.23"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3"
},
{
"model": "sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1.1"
},
{
"model": "-beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.34"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.19"
},
{
"model": "sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.18"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.5"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.3"
},
{
"model": "secure content accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10000"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.3"
},
{
"model": "-beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.36"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.6"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.17"
},
{
"model": "ssl-r3",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.18"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.5"
},
{
"model": "jetdirect rev. u.23.99",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.1"
},
{
"model": "networks m-series router m5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "88000"
},
{
"model": "omniaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "2100"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1000"
},
{
"model": "networks m-series router m20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.4"
},
{
"model": "security bsafe ssl-c me",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": null
},
{
"model": "security bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.3"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.6"
},
{
"model": "networks m-series router m160",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks t-series router t320",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1.1"
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.2"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "77000"
},
{
"model": "rcp",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "77700"
},
{
"model": "networks m-series router m10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "computing safeword premieraccess",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "3.1"
},
{
"model": "networks m-series router m40e",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0.1"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.3"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "66000"
},
{
"model": "networks t-series router t640",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.2"
},
{
"model": "security bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.1"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.0"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "78000"
},
{
"model": "jetdirect rev. l.23.99",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jetdirect rev. u.22.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jetdirect rev. l.22.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A.L. Digital Ltd\nThe Bunker",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2002-0656",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5047",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-0656",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#258555",
"trust": 0.8,
"value": "3.19"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#844360",
"trust": 0.8,
"value": "8.91"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#852283",
"trust": 0.8,
"value": "30.38"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#581682",
"trust": 0.8,
"value": "27.54"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#229595",
"trust": 0.8,
"value": "33.05"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#102795",
"trust": 0.8,
"value": "17.63"
},
{
"author": "CNNVD",
"id": "CNNVD-200208-027",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5047",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2002-0656",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. The DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10 contains buffer overflows in code that handles responses for network name and address requests. Other resolver libraries derived from BIND 4 such as BSD libc, GNU glibc, and those used by System V UNIX systems may also be affected. An attacker could execute arbitrary code with the privileges of the application that made the request or cause a denial of service. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9. Based on recent reports, we believe this vulnerability is being actively exploited. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the server. In OpenSSL servers, a buffer overflow vulnerability exists in the handshake processing of SSL version 2.0 (SSLv2). \nThe issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. \n***UPDATE: A worm that likely exploits this vulnerability has been discovered propagating in the wild. Additionally, this code includes peer-to-peer and distributed denial-of-service capabilities. There have been numerous reports of intrusions in Europe. It is not yet confirmed whether this vulnerability is in OpenSSL, mod_ssl, or another component. Administrators are advised to upgrade to the most recent versions or to disable Apache, if possible, until more information is available. OpenSSL is prone to a buffer-overflow vulnerability involving overly long SSLv3 session IDs. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. 
\n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Summary CS-2002-04\n\n November 26, 2002\n\n Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT\n Summary to draw attention to the types of attacks reported to our\n incident response team, as well as other noteworthy incident and\n vulnerability information. The summary includes pointers to sources of\n information for dealing with the problems. \n\n Past CERT summaries are available from:\n\n CERT Summaries\n http://www.cert.org/summaries/\n ______________________________________________________________________\n\nRecent Activity\n\n Since the last regularly scheduled CERT summary, issued in August 2002\n (CS-2002-03), we have seen trojan horses for three popular\n distributions, new self-propagating malicious code (Apache/mod_ssl),\n and multiple vulnerabilities in BIND. In addition, we have issued a\n new PGP Key. \n\n For more current information on activity being reported to the\n CERT/CC, please visit the CERT/CC Current Activity page. The Current\n Activity page is a regularly updated summary of the most frequent,\n high-impact types of security incidents and vulnerabilities being\n reported to the CERT/CC. The information on the Current Activity page\n is reviewed and updated as reporting trends change. \n\n CERT/CC Current Activity\n http://www.cert.org/current/current_activity.html\n\n\n 1. Reports received by the CERT/CC indicate\n that the Apache/mod_ssl worm has already infected thousands of\n systems. Over a month earlier, the CERT/CC issued an advisory\n (CA-2002-23) describing four remotely exploitable buffer overflows\n in OpenSSL. Trojan Horse Sendmail Distribution\n\n The CERT/CC has received confirmation that some copies of the\n source code for the Sendmail package have been modified by an\n intruder to contain a Trojan horse. These copies began to appear\n in downloads from the FTP server ftp.sendmail.org on or around\n September 28, 2002. 
On October 8, 2002, the CERT/CC issued an\n advisory (CA-2002-28) describing various methods to verify\n software authenticity. \n\n\t\tCERT Advisory CA-2002-28\n\t\tTrojan Horse Sendmail Distribution\n\t\thttp://www.cert.org/advisories/CA-2002-28.html\n\n\n 3. Trojan Horse tcpdump and libpcap Distributions\n\n The CERT/CC has received reports that some copies of the source\n code for libpcap, a packet acquisition library, and tcpdump, a\n network sniffer, have been modified by an intruder and contain a\n Trojan horse. These modified distributions began to appear in\n downloads from the HTTP server www.tcpdump.org on or around Nov\n 11, 2002. The CERT/CC issued an advisory (CA-2002-30) listing MD5\n checksums and official distribution sites for libpcap and tcpdump. \n\n\t\tCERT Advisory CA-2002-30\n\t\tTrojan Horse tcpdump and libpcap Distributions\n\t\thttp://www.cert.org/advisories/CA-2002-30.html\n\n\n 4. Multiple Vulnerabilities in BIND\n\n The CERT/CC has documented multiple vulnerabilities in BIND, the\n popular domain name server and client library software package\n from the Internet Software Consortium (ISC). Several vulnerabilities are referenced in the advisory;\n they are listed here individually. 
\n\n\t\tCERT Advisory CA-2002-31\n\t\tMultiple Vulnerabilities in BIND\n\t\thttp://www.cert.org/advisories/CA-2002-31.html\n\n\t\tVulnerability Note #852283\n\t\tCached malformed SIG record buffer overflow\n\t\thttp://www.kb.cert.org/vuls/id/852283\n\n\t\tVulnerability Note #229595\n\t\tOverly large OPT record assertion\n\t\thttp://www.kb.cert.org/vuls/id/229595\n\n\t\tVulnerability Note #581682\n\t\tISC Bind 8 fails to properly dereference cache SIG RR \n\t\telements invalid expiry times from the internal database\n\t\thttp://www.kb.cert.org/vuls/id/581682\n\n\t\tVulnerability Note #844360\n\t\tDomain Name System (DNS) stub resolver libraries \n\t\tvulnerable to buffer overflows via network name or \n\t\taddress lookups\n\t\thttp://www.kb.cert.org/vuls/id/844360\n\n 5. Heap Overflow Vulnerability in Microsoft Data Access Components\n (MDAC)\n\n On November 21, 2002 the CERT/CC issued an advisory (CA-2002-33)\n describing a vulnerability in MDAC, a collection of Microsoft\n utilities and routines that process requests between databases and\n network applications. \n\n\t CERT Advisory CA-2002-33\n\t Heap Overflow Vulnerability in Microsoft Data Access \n\t Components (MDAC)\n\t http://www.cert.org/advisories/CA-2002-33.html\n ______________________________________________________________________\n\nNew CERT/CC PGP Key\n\n On September 19, the CERT/CC issued a new PGP key, which should be\n used when sending sensitive information to the CERT/CC. 
\n\n CERT/CC PGP Public Key\n https://www.cert.org/pgp/cert_pgp_key.asc\n Sending Sensitive Information To The CERT/CC\n\n http://www.cert.org/contact_cert/encryptmail.html\n ______________________________________________________________________\n\nWhat\u0027s New and Updated\n\n Since the last CERT Summary, we have published new and updated\n * Advisories\n http://www.cert.org/advisories/\n * Congressional Testimony\n http://www.cert.org/congressional_testimony/\n * CERT/CC Statistics\n http://www.cert.org/stats/cert_stats.html\n * Home User Security\n http://www.cert.org/homeusers/HomeComputerSecurity\n * Tech Tips\n http://www.cert.org/tech_tips/\n * Training Schedule\n http:/www.cert.org/training/\n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/summaries/CS-2002-04.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\n Using encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\n Getting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. 
Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright \u00a92002 Carnegie Mellon University. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPePMQWjtSoHZUTs5AQGdxwP9HK4mSF15bMQ9MZ4mMFcLIhvdXykANg8A\n6nEIAyB8CJpbuWdP7sPh3qAwaZ9BhRFEGeLakONOpoo7bmjkwAWrJHxF3b1CrgHS\nZuKQsgEhnm9wpPdU6w6SG1cJBkwz70b8d7YK0vcVuKhmaW0JOx9OLGKsAe3SFePD\nOiZbNHX+eb8=\n=Mnbn\n-----END PGP SIGNATURE-----\n. OpenSSL Security Advisory [30 July 2002]\n\nThis advisory consists of two independent advisories, merged, and is\nan official OpenSSL advisory. \n\nAdvisory 1\n==========\n\nA.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are\nconducting a security review of OpenSSL, under the DARPA program\nCHATS. \n\n1. The client master key in SSL2 could be oversized and overrun a\n buffer. Exploit code is\n NOT available at this time. \n\n2. \n\n3. This issue only affects OpenSSL\n 0.9.7 before 0.9.7-beta3 with Kerberos enabled. \n\n4. Various buffers for ASCII representations of integers were too\n small on 64 bit platforms. 
\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue\n3, and CAN-2002-0655 to issue 4. \n\nIn addition, various potential buffer overflows not known to be\nexploitable have had assertions added to defend against them. \n\nWho is affected?\n----------------\n\nEveryone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or\ncurrent development snapshots of 0.9.7 to provide SSL or TLS is\nvulnerable, whether client or server. 0.9.6d servers on 32-bit systems\nwith SSL 2.0 disabled are not vulnerable. \n\nSSLeay is probably also affected. \n\nRecommendations\n---------------\n\nApply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL\n0.9.6e. Recompile all applications using OpenSSL to provide SSL or\nTLS. \n\nA patch for 0.9.7 is available from the OpenSSL website\n(https://www.openssl.org/). \n\nServers can disable SSL2, alternatively disable all applications using\nSSL or TLS until the patches are applied. Users of 0.9.7 pre-release\nversions with Kerberos enabled will also have to disable Kerberos. \n\nClients should be disabled altogether until the patches are applied. \n\nKnown Exploits\n--------------\n\nThere are no known exploits available for these vulnerabilities. As\nnoted above, Neohapsis have demonstrated internally that an exploit is\npossible, but have not released the exploit code. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657\n\nAcknowledgements\n----------------\n\nThe project leading to this advisory is sponsored by the Defense\nAdvanced Research Projects Agency (DARPA) and Air Force Research\nLaboratory, Air Force Materiel Command, USAF, under agreement number\nF30602-01-2-0537. \n\nThe patch and advisory were prepared by Ben Laurie. 
\n\n\n\nAdvisory 2\n==========\n\nVulnerabilities\n---------------\n\nThe ASN1 parser can be confused by supplying it with certain invalid\nencodings. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0659 to this issue. \n\nWho is affected?\n----------------\n\nAny OpenSSL program which uses the ASN1 library to parse untrusted\ndata. This includes all SSL or TLS applications, those using S/MIME\n(PKCS#7) or certificate generation routines. \n\nRecommendations\n---------------\n\nApply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile\nall applications using OpenSSL. \n\nUsers of 0.9.7 pre-release versions should apply the patch or upgrade\nto 0.9.7-beta3 or later. Recompile all applications using OpenSSL. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659\n\nAcknowledgements\n----------------\n\nThis vulnerability was discovered by Adi Stav \u003cstav@mercury.co.il\u003e\nand James Yonan \u003cjim@ntlp.com\u003e independently. The patch is partly\nbased on a version by Adi Stav. \n\nThe patch and advisory were prepared by Dr. Stephen Henson. \n\n\n\n\nCombined patches for OpenSSL 0.9.6d:\nhttps://www.openssl.org/news/patch_20020730_0_9_6d.txt\n\nCombined patches for OpenSSL 0.9.7 beta 2:\nhttps://www.openssl.org/news/patch_20020730_0_9_7.txt\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20020730.txt\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "PACKETSTORM",
"id": "30532"
},
{
"db": "PACKETSTORM",
"id": "169647"
}
],
"trust": 6.84
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5047",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40347",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-0656",
"trust": 3.3
},
{
"db": "BID",
"id": "5362",
"trust": 3.1
},
{
"db": "CERT/CC",
"id": "VU#102795",
"trust": 2.9
},
{
"db": "CERT/CC",
"id": "VU#258555",
"trust": 2.8
},
{
"db": "BID",
"id": "5363",
"trust": 1.5
},
{
"db": "CERT/CC",
"id": "VU#844360",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#852283",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#581682",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#229595",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "40347",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-75494",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-75495",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5047",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2002-0656",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "30532",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169647",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "PACKETSTORM",
"id": "30532"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
]
},
"id": "VAR-200208-0244",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5047"
}
],
"trust": 0.38947368000000004
},
"last_update_date": "2023-12-18T11:36:12Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX0209-217",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1041818851527+28353475\u0026amp;docid=hpsbux0209-217"
},
{
"title": "HPSBUX0209-217",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0209-217.html"
},
{
"title": "secadv_20020730",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20020730.txt"
},
{
"title": "#37",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/htdocs/opensslalert.html"
},
{
"title": "RHSA-2002:155",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2002-155.html"
},
{
"title": "46424",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-46424-1"
},
{
"title": "RHSA-2002:155",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2002-155j.html"
},
{
"title": "Debian Security Advisories: DSA-136-1 openssl -- multiple remote exploits",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8ab1654e85c2f0d32d45eef6fce839f1"
},
{
"title": "LinuxFlaw",
"trust": 0.1,
"url": "https://github.com/mudongliang/linuxflaw "
},
{
"title": "cve-",
"trust": 0.1,
"url": "https://github.com/oneoy/cve- "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.securityfocus.com/bid/5362"
},
{
"trust": 2.4,
"url": "http://www.isc.org/products/bind/bind-security.html"
},
{
"trust": 2.2,
"url": "http://www.kb.cert.org/vuls/id/102795"
},
{
"trust": 2.1,
"url": "http://www.cert.org/advisories/ca-2002-23.html"
},
{
"trust": 2.0,
"url": "http://www.kb.cert.org/vuls/id/258555"
},
{
"trust": 1.6,
"url": "about vulnerability notes"
},
{
"trust": 1.6,
"url": "contact us about this vulnerability"
},
{
"trust": 1.6,
"url": "provide a vendor statement"
},
{
"trust": 1.6,
"url": "http://bvlive01.iss.net/issen/delivery/xforce/alertdetail.jsp?oid=21469"
},
{
"trust": 1.6,
"url": "http://www.ciac.org/ciac/bulletins/n-013.shtml"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/5363"
},
{
"trust": 1.2,
"url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.0.txt"
},
{
"trust": 1.2,
"url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.1.txt"
},
{
"trust": 1.2,
"url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:33.openssl.asc"
},
{
"trust": 1.2,
"url": "http://www.linux-mandrake.com/en/security/2002/mdksa-2002-046.php"
},
{
"trust": 1.2,
"url": "http://www.iss.net/security_center/static/9714.php"
},
{
"trust": 1.2,
"url": "http://www.iss.net/security_center/static/9716.php"
},
{
"trust": 1.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
},
{
"trust": 0.9,
"url": "http://www.cert.org/advisories/ca-2002-27.html"
},
{
"trust": 0.8,
"url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
},
{
"trust": 0.8,
"url": "http://www.isc.org/products/bind/patches/bind4910.diff"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/m-103.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0656"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/20020731openssl.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023001.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023101.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023201.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023601.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2002-27"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2002-23"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0656"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030424_144742.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030416_114510.html"
},
{
"trust": 0.6,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965676.htm"
},
{
"trust": 0.6,
"url": "http://otn.oracle.com/deploy/security/htdocs/opensslalert.html"
},
{
"trust": 0.6,
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/bsafe_ssl_products_security_bulletin_aug_8_2002.pdf"
},
{
"trust": 0.6,
"url": "http://docs.info.apple.com/article.html?artnum=120139"
},
{
"trust": 0.6,
"url": "http://docs.info.apple.com/article.html?artnum=120141"
},
{
"trust": 0.4,
"url": "http://www.openssl.org/news/secadv_20020730.txt"
},
{
"trust": 0.3,
"url": "http://support.coresecurity.com/impact/exploits/b4bc2930d33dc6d98cf1c6c819f241e1.html"
},
{
"trust": 0.3,
"url": "http://www.sonicwall.com/support/security_advisories/security_advisory-openssl.html"
},
{
"trust": 0.3,
"url": "http://www.hp.com/cposupport/networking/support_doc/bpj05999.html#p26_2431"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/securitypatch"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000513"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/http-openssl-malformed-client-key-bof"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/40347/"
},
{
"trust": 0.1,
"url": "https://www.tcpdump.org"
},
{
"trust": 0.1,
"url": "http://www.cert.org/summaries/cs-2002-04.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/homeusers/homecomputersecurity"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/852283"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/581682"
},
{
"trust": 0.1,
"url": "http://www.cert.org/summaries/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"trust": 0.1,
"url": "http://www.cert.org/stats/cert_stats.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/congressional_testimony/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2002-31.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/current/current_activity.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/229595"
},
{
"trust": 0.1,
"url": "https://www.cert.org/training/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/contact_cert/encryptmail.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "https://www.cert.org/pgp/cert_pgp_key.asc"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2002-30.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2002-33.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2002-28.html"
},
{
"trust": 0.1,
"url": "http://www.neohapsis.com/)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0657"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0657"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/patch_20020730_0_9_6d.txt"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0656"
},
{
"trust": 0.1,
"url": "http://www.thebunker.net/)"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/patch_20020730_0_9_7.txt"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/)."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0655"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0655"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0659"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "PACKETSTORM",
"id": "30532"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "PACKETSTORM",
"id": "30532"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#258555"
},
{
"date": "2002-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#844360"
},
{
"date": "2002-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#852283"
},
{
"date": "2002-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#581682"
},
{
"date": "2002-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#229595"
},
{
"date": "2002-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#102795"
},
{
"date": "2002-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-5047"
},
{
"date": "2002-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"date": "2002-07-30T00:00:00",
"db": "BID",
"id": "5363"
},
{
"date": "2002-07-30T00:00:00",
"db": "BID",
"id": "5362"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"date": "2002-11-30T11:13:52",
"db": "PACKETSTORM",
"id": "30532"
},
{
"date": "2002-07-30T12:12:12",
"db": "PACKETSTORM",
"id": "169647"
},
{
"date": "2002-08-12T04:00:00",
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"date": "2002-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#258555"
},
{
"date": "2003-04-24T00:00:00",
"db": "CERT/CC",
"id": "VU#844360"
},
{
"date": "2004-10-18T00:00:00",
"db": "CERT/CC",
"id": "VU#852283"
},
{
"date": "2003-02-25T00:00:00",
"db": "CERT/CC",
"id": "VU#581682"
},
{
"date": "2003-05-30T00:00:00",
"db": "CERT/CC",
"id": "VU#229595"
},
{
"date": "2002-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#102795"
},
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-5047"
},
{
"date": "2008-09-10T00:00:00",
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"date": "2007-12-20T17:11:00",
"db": "BID",
"id": "5363"
},
{
"date": "2007-11-15T00:40:00",
"db": "BID",
"id": "5362"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"date": "2008-09-10T19:12:40.070000",
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"date": "2006-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL clients contain a buffer overflow during the SSL3 handshake process",
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
],
"trust": 1.2
}
}
VAR-200710-0019
Vulnerability from variot - Updated: 2023-12-18 11:01

Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues. BT Home Hub and Thomson/Alcatel SpeedTouch 7G routers are prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, a cross-site scripting issue, multiple HTML-injection issues, and multiple authentication-bypass issues. Successful exploits of many of these issues will allow an attacker to completely compromise the affected device. These issues affect the BT Home Hub and Thomson/Alcatel SpeedTouch 7G routers.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200710-0019",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "speedtouch 7g router",
"scope": "eq",
"trust": 1.0,
"vendor": "alcatel",
"version": "*"
},
{
"model": "home hub",
"scope": "eq",
"trust": 1.0,
"vendor": "bt",
"version": "*"
},
{
"model": "home hub",
"scope": "lte",
"trust": 0.8,
"vendor": "bt",
"version": "6.2.6.b"
},
{
"model": "speedtouch 7g router",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "speedtouch 7g router",
"scope": null,
"trust": 0.6,
"vendor": "alcatel",
"version": null
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.3,
"vendor": "thomson",
"version": "0"
},
{
"model": "home hub .b",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "6.2.6"
},
{
"model": "home hub",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "6.2.2.6"
},
{
"model": "home hub",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "0"
},
{
"model": "speedtouch 7g",
"scope": null,
"trust": 0.3,
"vendor": "alcatel",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002763"
},
{
"db": "NVD",
"id": "CVE-2007-5384"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-214"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alcatel:speedtouch_7g_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:bt:home_hub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5384"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adrian Pastor\u203b m123303@richmond.ac.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-214"
}
],
"trust": 0.6
},
"cve": "CVE-2007-5384",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-5384",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-28746",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-5384",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200710-214",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-28746",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28746"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002763"
},
{
"db": "NVD",
"id": "CVE-2007-5384"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-214"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues. BT Home Hub and Thomson/Alcatel Speedtouch 7G routers are prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, a cross-site scripting issue, multiple HTML-injection issues, and multiple authentication-bypass issues. \nSuccessful exploits of many of these issues will allow an attacker to completely compromise the affected device. \nThese issues affect the BT Home Hub and Thomson/Alcatel Speedtouch 7G routers",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5384"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002763"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "VULHUB",
"id": "VHN-28746"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-5384",
"trust": 2.8
},
{
"db": "BID",
"id": "25972",
"trust": 2.0
},
{
"db": "SREASON",
"id": "3213",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002763",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20071008 BT HOME FLUB: PWNIN THE BT HOME HUB",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200710-214",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-28746",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28746"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002763"
},
{
"db": "NVD",
"id": "CVE-2007-5384"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-214"
}
]
},
"id": "VAR-200710-0019",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-28746"
}
],
"trust": 0.975
},
"last_update_date": "2023-12-18T11:01:57.148000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.alcatel-lucent.com/alcatel/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.bt.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002763"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28746"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002763"
},
{
"db": "NVD",
"id": "CVE-2007-5384"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"trust": 2.0,
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25972"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3213"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5384"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5384"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/481835/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.homehub.bt.com/"
},
{
"trust": 0.3,
"url": "http://www.gnucitizen.org/blog/call-jacking"
},
{
"trust": 0.3,
"url": "http://www.thomson.net/en/home/minisites/bap/telecom/subcategory.html?category=dsl%20modems"
},
{
"trust": 0.3,
"url": "/archive/1/481835"
},
{
"trust": 0.3,
"url": "/archive/1/486081"
},
{
"trust": 0.3,
"url": "/archive/1/517314"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28746"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002763"
},
{
"db": "NVD",
"id": "CVE-2007-5384"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-214"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-28746"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002763"
},
{
"db": "NVD",
"id": "CVE-2007-5384"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-214"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-28746"
},
{
"date": "2007-10-08T00:00:00",
"db": "BID",
"id": "25972"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002763"
},
{
"date": "2007-10-12T01:17:00",
"db": "NVD",
"id": "CVE-2007-5384"
},
{
"date": "2007-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-214"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-28746"
},
{
"date": "2011-04-04T20:05:00",
"db": "BID",
"id": "25972"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002763"
},
{
"date": "2018-10-15T21:44:14.513000",
"db": "NVD",
"id": "CVE-2007-5384"
},
{
"date": "2007-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-214"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-214"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BT Home Hub Used in Thomson/Alcatel SpeedTouch 7G Cross-site request forgery vulnerability in router",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002763"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-214"
}
],
"trust": 0.6
}
}
VAR-200710-0020
Vulnerability from variot - Updated: 2023-12-18 11:00
Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. BT Home Hub Used in etc. Successful exploits of many of these issues will allow an attacker to completely compromise the affected device.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200710-0020",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "speedtouch 7g router",
"scope": "eq",
"trust": 1.0,
"vendor": "alcatel",
"version": "*"
},
{
"model": "home hub",
"scope": "eq",
"trust": 1.0,
"vendor": "bt",
"version": "*"
},
{
"model": "home hub",
"scope": "lte",
"trust": 0.8,
"vendor": "bt",
"version": "6.2.6.b"
},
{
"model": "speedtouch 7g router",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "speedtouch 7g router",
"scope": null,
"trust": 0.6,
"vendor": "alcatel",
"version": null
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.3,
"vendor": "thomson",
"version": "0"
},
{
"model": "home hub .b",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "6.2.6"
},
{
"model": "home hub",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "6.2.2.6"
},
{
"model": "home hub",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "0"
},
{
"model": "speedtouch 7g",
"scope": null,
"trust": 0.3,
"vendor": "alcatel",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002764"
},
{
"db": "NVD",
"id": "CVE-2007-5385"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-212"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:bt:home_hub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:alcatel:speedtouch_7g_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5385"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adrian Pastor\u203b m123303@richmond.ac.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-212"
}
],
"trust": 0.6
},
"cve": "CVE-2007-5385",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-5385",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-28747",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-5385",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200710-212",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-28747",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28747"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002764"
},
{
"db": "NVD",
"id": "CVE-2007-5385"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-212"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. BT Home Hub Used in etc. \nSuccessful exploits of many of these issues will allow an attacker to completely compromise the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5385"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002764"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "VULHUB",
"id": "VHN-28747"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-5385",
"trust": 2.8
},
{
"db": "BID",
"id": "25972",
"trust": 2.0
},
{
"db": "SREASON",
"id": "3213",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002764",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20071008 BT HOME FLUB: PWNIN THE BT HOME HUB",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200710-212",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-28747",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28747"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002764"
},
{
"db": "NVD",
"id": "CVE-2007-5385"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-212"
}
]
},
"id": "VAR-200710-0020",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-28747"
}
],
"trust": 0.975
},
"last_update_date": "2023-12-18T11:00:38.244000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.alcatel-lucent.com/alcatel/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.bt.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002764"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28747"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002764"
},
{
"db": "NVD",
"id": "CVE-2007-5385"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"trust": 2.0,
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25972"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3213"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5385"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5385"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/481835/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.homehub.bt.com/"
},
{
"trust": 0.3,
"url": "http://www.gnucitizen.org/blog/call-jacking"
},
{
"trust": 0.3,
"url": "http://www.thomson.net/en/home/minisites/bap/telecom/subcategory.html?category=dsl%20modems"
},
{
"trust": 0.3,
"url": "/archive/1/481835"
},
{
"trust": 0.3,
"url": "/archive/1/486081"
},
{
"trust": 0.3,
"url": "/archive/1/517314"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28747"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002764"
},
{
"db": "NVD",
"id": "CVE-2007-5385"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-212"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-28747"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002764"
},
{
"db": "NVD",
"id": "CVE-2007-5385"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-212"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-28747"
},
{
"date": "2007-10-08T00:00:00",
"db": "BID",
"id": "25972"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002764"
},
{
"date": "2007-10-12T01:17:00",
"db": "NVD",
"id": "CVE-2007-5385"
},
{
"date": "2007-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-212"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-28747"
},
{
"date": "2011-04-04T20:05:00",
"db": "BID",
"id": "25972"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002764"
},
{
"date": "2018-10-15T21:44:14.937000",
"db": "NVD",
"id": "CVE-2007-5385"
},
{
"date": "2007-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-212"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-212"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BT Home Hub Used in etc. Thomson/Alcatel SpeedTouch 7G Router cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002764"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-212"
}
],
"trust": 0.6
}
}
VAR-200711-0147
Vulnerability from variot - Updated: 2023-12-18 10:55
Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. BT Home Hub and Thomson/Alcatel Speedtouch 7G routers are prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, a cross-site scripting issue, multiple HTML-injection issues, and multiple authentication-bypass issues. Successful exploits of many of these issues will allow an attacker to completely compromise the affected device. These issues affect the BT Home Hub and Thomson/Alcatel Speedtouch 7G routers.
Input passed to the "url" parameter in /cgi/b/ic/connect/ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability is reported in firmware version 5.4.0.14. Other versions may also be affected.
SOLUTION: Do not browse untrusted websites or follow untrusted links.
PROVIDED AND/OR DISCOVERED BY: Remco
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200711-0147",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "speedtouch",
"scope": "eq",
"trust": 2.4,
"vendor": "thomson",
"version": "716"
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.3,
"vendor": "thomson",
"version": "0"
},
{
"model": "home hub .b",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "6.2.6"
},
{
"model": "home hub",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "6.2.2.6"
},
{
"model": "home hub",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "0"
},
{
"model": "speedtouch 7g",
"scope": null,
"trust": 0.3,
"vendor": "alcatel",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006334"
},
{
"db": "NVD",
"id": "CVE-2007-6003"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-243"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:thomson:speedtouch:716:*:firmware_5.4.0.14:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6003"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adrian Pastor m123303@richmond.ac.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200711-243"
}
],
"trust": 0.6
},
"cve": "CVE-2007-6003",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-6003",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-29365",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-6003",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200711-243",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-29365",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29365"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006334"
},
{
"db": "NVD",
"id": "CVE-2007-6003"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-243"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. BT Home Hub and Thomson/Alcatel Speedtouch 7G routers are prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, a cross-site scripting issue, multiple HTML-injection issues, and multiple authentication-bypass issues. \nSuccessful exploits of many of these issues will allow an attacker to completely compromise the affected device. \nThese issues affect the BT Home Hub and Thomson/Alcatel Speedtouch 7G routers. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nInput passed to the \"url\" parameter in /cgi/b/ic/connect/ is not\nproperly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user\u0027s\nbrowser session in context of an affected site. \n\nThe vulnerability is reported in firmware version 5.4.0.14. Other\nversions may also be affected. \n\nSOLUTION:\nDo not browse untrusted websites or follow untrusted links. \n\nPROVIDED AND/OR DISCOVERED BY:\nRemco\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6003"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006334"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "VULHUB",
"id": "VHN-29365"
},
{
"db": "PACKETSTORM",
"id": "61021"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-29365",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29365"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6003",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "27564",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006334",
"trust": 0.8
},
{
"db": "XF",
"id": "38419",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200711-243",
"trust": 0.6
},
{
"db": "BID",
"id": "25972",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "30882",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-84240",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-29365",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61021",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29365"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006334"
},
{
"db": "PACKETSTORM",
"id": "61021"
},
{
"db": "NVD",
"id": "CVE-2007-6003"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-243"
}
]
},
"id": "VAR-200711-0147",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-29365"
}
],
"trust": 0.975
},
"last_update_date": "2023-12-18T10:55:01.797000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SpeedTouch",
"trust": 0.8,
"url": "http://www.technicolor.com/en/hi/about-technicolor/technicolor-at-a-glance/technicolor-s-other-brands/tab/thomson"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006334"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29365"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006334"
},
{
"db": "NVD",
"id": "CVE-2007-6003"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27564"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38419"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6003"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6003"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/38419"
},
{
"trust": 0.3,
"url": "http://www.homehub.bt.com/"
},
{
"trust": 0.3,
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
},
{
"trust": 0.3,
"url": "http://www.gnucitizen.org/blog/call-jacking"
},
{
"trust": 0.3,
"url": "http://www.thomson.net/en/home/minisites/bap/telecom/subcategory.html?category=dsl%20modems"
},
{
"trust": 0.3,
"url": "/archive/1/481835"
},
{
"trust": 0.3,
"url": "/archive/1/486081"
},
{
"trust": 0.3,
"url": "/archive/1/517314"
},
{
"trust": 0.3,
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16520/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27564/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29365"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006334"
},
{
"db": "PACKETSTORM",
"id": "61021"
},
{
"db": "NVD",
"id": "CVE-2007-6003"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-243"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-29365"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006334"
},
{
"db": "PACKETSTORM",
"id": "61021"
},
{
"db": "NVD",
"id": "CVE-2007-6003"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-243"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-29365"
},
{
"date": "2007-10-08T00:00:00",
"db": "BID",
"id": "25972"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-006334"
},
{
"date": "2007-11-20T16:17:55",
"db": "PACKETSTORM",
"id": "61021"
},
{
"date": "2007-11-15T22:46:00",
"db": "NVD",
"id": "CVE-2007-6003"
},
{
"date": "2007-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200711-243"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-29365"
},
{
"date": "2011-04-04T20:05:00",
"db": "BID",
"id": "25972"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-006334"
},
{
"date": "2017-07-29T01:33:59.193000",
"db": "NVD",
"id": "CVE-2007-6003"
},
{
"date": "2007-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200711-243"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200711-243"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thomson SpeedTouch 716 of cgi/b/ic/connect Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006334"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "61021"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-243"
}
],
"trust": 0.7
}
}
CVE-2011-4505 (GCVE-0-2011-4505)
Vulnerability from nvd – Published: 2011-11-22 11:00 – Updated: 2024-09-16 20:32
- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/357851 | third-party-advisory, x_refsource_CERT-VN |
| http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#357851",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-11-22T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#357851",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#357851",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"name": "http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf",
"refsource": "MISC",
"url": "http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4505",
"datePublished": "2011-11-22T11:00:00.000Z",
"dateReserved": "2011-11-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:32:49.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4383 (GCVE-0-2008-4383)
Vulnerability from nvd – Published: 2008-10-03 22:00 – Updated: 2024-08-07 10:17
- n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/30652 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id?1020657 | vdb-entry, x_refsource_SECTRACK |
| http://www.layereddefense.com/alcatel12aug.html | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44400 | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/4347 | third-party-advisory, x_refsource_SREASON |
| http://secunia.com/advisories/31435 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/495343/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/2346 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30652",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30652"
},
{
"name": "1020657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"name": "omniswitch-session-bo(44400)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"name": "4347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4347"
},
{
"name": "31435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31435"
},
{
"name": "20080812 Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"name": "ADV-2008-2346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "30652",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30652"
},
{
"name": "1020657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"name": "omniswitch-session-bo(44400)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"name": "4347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4347"
},
{
"name": "31435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31435"
},
{
"name": "20080812 Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"name": "ADV-2008-2346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2346"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-4383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30652"
},
{
"name": "1020657",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020657"
},
{
"name": "http://www.layereddefense.com/alcatel12aug.html",
"refsource": "MISC",
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"name": "omniswitch-session-bo(44400)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"name": "4347",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4347"
},
{
"name": "31435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31435"
},
{
"name": "20080812 Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"name": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm",
"refsource": "CONFIRM",
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"name": "ADV-2008-2346",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2346"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-4383",
"datePublished": "2008-10-03T22:00:00.000Z",
"dateReserved": "2008-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:17:09.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4505 (GCVE-0-2011-4505)
Vulnerability from cvelistv5 – Published: 2011-11-22 11:00 – Updated: 2024-09-16 20:32
- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/357851 | third-party-advisory, x_refsource_CERT-VN |
| http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#357851",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-11-22T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#357851",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#357851",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"name": "http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf",
"refsource": "MISC",
"url": "http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4505",
"datePublished": "2011-11-22T11:00:00.000Z",
"dateReserved": "2011-11-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:32:49.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}