var-200205-0137
Vulnerability from variot
Heap-based buffer overflow in the cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name. Sun's NFS/RPC cachefs daemon (cachefsd) is shipped and installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 (SPARC and Intel architectures). Cachefsd caches requests for operations on remote file systems mounted via the NFS protocol. In cachefsd, which is included in Sun Solaris and is needed to operate the NFS/RPC file system, the cfsd_calloc function does not perform bounds checking properly on requests that include abnormally long cache names and directory names. A remotely exploitable buffer overflow condition has been reported in cachefsd. The overflow occurs in the heap and is reportedly exploitable because valid malloc() chunk structures are overwritten. Successful attacks may result in remote attackers gaining root access on the affected system.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200205-0137", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "solaris", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "2.5.1" }, { "model": "solaris", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "7.0" }, { "model": "solaris", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "2.6" }, { 
"model": "sunos", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": null }, { "model": "solaris", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "8.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sun", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "2.5.1 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "2.5.1 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "2.6 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "2.6 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7.0 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7.0 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "8 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "8 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (x86)" }, { "model": "solaris x86", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "2.5.1" }, { "model": "solaris ppc", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "2.5.1" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "9" }, { "model": "solaris 8 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 8 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 7.0 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 
2.6 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 2.6 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "voice services provisioning tool", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "virtual switch controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "universal gateway manager", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "signaling controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "secure acs for unix", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.3.6.1" }, { "model": "secure acs for unix", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.3.5.1" }, { "model": "secure acs for unix", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.3" }, { "model": "secure acs for unix", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "pgw2200 pstn gateway", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mgc node manager", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "media gateway manager", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ip manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "ip manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "ems for the cisco", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7200/7400" }, { "model": "ems for the catalyst cisco", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6500/7600" }, { "model": "element management framework", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dsl manager", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "cable manager", "scope": null, "trust": 0.3, 
"vendor": "cisco", "version": null }, { "model": "billing and management server", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12000" }, { "model": "ids-4230-xx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ids-4220-e", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ids-4210", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "bts", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10200" } ], "sources": [ { "db": "CERT/CC", "id": "VU#635811" }, { "db": "BID", "id": "4674" }, { "db": "JVNDB", "id": "JVNDB-2002-000106" }, { "db": "CNNVD", "id": "CNNVD-200205-079" }, { "db": "NVD", "id": "CVE-2002-0033" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:sun:solaris", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2002-000106" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "LSD contact@lsd-pl.net", "sources": [ { "db": "CNNVD", "id": "CNNVD-200205-079" } ], "trust": 0.6 }, "cve": "CVE-2002-0033", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2002-0033", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2002-0033", "trust": 1.0, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#635811", "trust": 0.8, "value": "52.92" }, { "author": "NVD", "id": "CVE-2002-0033", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200205-079", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#635811" }, { "db": "JVNDB", "id": "JVNDB-2002-000106" }, { "db": "CNNVD", "id": "CNNVD-200205-079" }, { "db": "NVD", "id": "CVE-2002-0033" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name. Sun\u0027s NFS/RPC cachefs daemon (cachefsd) is shipped and installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 (SPARC and Intel architectures). Cachefsd caches requests for operations on remote file systems mounted via the use of NFS protocol. 
Sun Solaris Included in the NFS/RPC Necessary to operate the file system cachefsd In cfsd_calloc function The function does not perform bounds checking properly, so abnormally long cache names and directory names are included. A remotely exploitable buffer overflow condition has been reported in cachefsd. The overflow occurs in the heap and is reportedly exploitable as valid malloc() chunk structures are overwritten. Successful attacks may result in remote attackers gaining root access on the affected system", "sources": [ { "db": "NVD", "id": "CVE-2002-0033" }, { "db": "CERT/CC", "id": "VU#635811" }, { "db": "JVNDB", "id": "JVNDB-2002-000106" }, { "db": "BID", "id": "4674" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#635811", "trust": 3.2 }, { "db": "BID", "id": "4674", "trust": 2.7 }, { "db": "NVD", "id": "CVE-2002-0033", "trust": 2.4 }, { "db": "XF", "id": "8999", "trust": 1.4 }, { "db": "JVNDB", "id": "JVNDB-2002-000106", "trust": 0.8 }, { "db": "CERT/CC", "id": "CA-2002-11", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20020505 [LSD] SOLARIS CACHEFSD REMOTE BUFFER OVERFLOW VULNERABILITY", "trust": 0.6 }, { "db": "OVAL", "id": "OVAL:ORG.MITRE.OVAL:DEF:124", "trust": 0.6 }, { "db": "OVAL", "id": "OVAL:ORG.MITRE.OVAL:DEF:31", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200205-079", "trust": 0.6 } ], "sources": [ { "db": "CERT/CC", "id": "VU#635811" }, { "db": "BID", "id": "4674" }, { "db": "JVNDB", "id": "JVNDB-2002-000106" }, { "db": "CNNVD", "id": "CNNVD-200205-079" }, { "db": "NVD", "id": "CVE-2002-0033" } ] }, "id": "VAR-200205-0137", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.24090908 }, "last_update_date": "2024-11-22T23:15:25.345000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "56300", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56300-1" }, { "title": "44309", "trust": 0.8, "url": "http://jp.sunsolve.sun.com/search/document.do?assetkey=1-26-44309-1" }, { "title": "56300", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56300-3" }, { "title": "44309", "trust": 0.8, "url": "http://jp.sunsolve.sun.com/search/document.do?assetkey=1-26-44309-3" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2002-000106" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2002-0033" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.7, "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f44309" }, { "trust": 3.4, "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html" }, { "trust": 3.4, "url": "http://www.cert.org/advisories/ca-2002-11.html" }, { "trust": 3.4, "url": "http://www.securityfocus.com/bid/4674" }, { "trust": 3.4, "url": "http://www.kb.cert.org/vuls/id/635811" }, { "trust": 2.6, "url": "http://www.iss.net/security_center/static/8999.php" }, { "trust": 2.0, "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a124" }, { "trust": 2.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a31" }, { "trust": 0.8, "url": "http://www.ciac.org/ciac/bulletins/m-078.shtml" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0033" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/wr/2002/wr021801.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnca-2002-11" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0033" }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/8999" }, { "trust": 0.6, "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:31" }, { "trust": 0.6, "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:124" } ], "sources": [ { "db": "CERT/CC", "id": "VU#635811" }, { "db": "BID", "id": "4674" }, { "db": "JVNDB", "id": "JVNDB-2002-000106" }, { "db": "CNNVD", "id": "CNNVD-200205-079" }, { "db": "NVD", "id": "CVE-2002-0033" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#635811" }, { "db": "BID", "id": "4674" }, { "db": "JVNDB", "id": "JVNDB-2002-000106" }, { "db": "CNNVD", "id": "CNNVD-200205-079" }, { "db": "NVD", "id": "CVE-2002-0033" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2002-05-06T00:00:00", "db": "CERT/CC", "id": "VU#635811" }, { "date": "2002-05-06T00:00:00", "db": "BID", "id": "4674" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2002-000106" }, { "date": "2002-05-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200205-079" }, { "date": "2002-05-29T04:00:00", "db": "NVD", "id": "CVE-2002-0033" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2002-05-14T00:00:00", "db": "CERT/CC", "id": "VU#635811" }, { "date": "2002-05-06T00:00:00", "db": "BID", "id": "4674" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2002-000106" }, { "date": "2005-08-17T00:00:00", "db": "CNNVD", "id": "CNNVD-200205-079" }, { "date": "2024-11-20T23:38:08.383000", "db": "NVD", "id": "CVE-2002-0033" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200205-079" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sun Solaris cachefsd vulnerable to heap overflow in cfsd_calloc() function via long string of characters", "sources": [ { "db": "CERT/CC", "id": "VU#635811" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "4674" }, { "db": "CNNVD", "id": "CNNVD-200205-079" } ], "trust": 0.9 } }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.