Vulnerabilities > CVE-2001-0402

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

darren-reed

freebsd

openbsd

exploit available

NVD

Published: 2001-06-18

Updated: 2017-10-10

Summary

IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.

Vulnerable Configurations

Part	Description	Count
Application	Darren_Reed Darren Reed Ipfilter *	1
OS	Freebsd Freebsd Freebsd - Freebsd Freebsd 0.4_1 Freebsd Freebsd 1.0 Freebsd Freebsd 1.1 Freebsd Freebsd 1.1.5 Freebsd Freebsd 1.1.5.1 Freebsd Freebsd 1.2 Freebsd Freebsd 1.5 Freebsd Freebsd 2.0 Freebsd Freebsd 2.0.1 Freebsd Freebsd 2.0.5 Freebsd Freebsd 2.1 Freebsd Freebsd 2.1.0 Freebsd Freebsd 2.1.5 Freebsd Freebsd 2.1.6 Freebsd Freebsd 2.1.6.1 Freebsd Freebsd 2.1.7 Freebsd Freebsd 2.1.7.1 Freebsd Freebsd 2.2 Freebsd Freebsd 2.2.1 Freebsd Freebsd 2.2.2 Freebsd Freebsd 2.2.3 Freebsd Freebsd 2.2.4 Freebsd Freebsd 2.2.5 Freebsd Freebsd 2.2.6 Freebsd Freebsd 2.2.7 Freebsd Freebsd 2.2.8 Freebsd Freebsd 3.0 Freebsd Freebsd 3.1 Freebsd Freebsd 3.2 Freebsd Freebsd 3.3 Freebsd Freebsd 3.4 Freebsd Freebsd 3.5 Freebsd Freebsd 3.5.1 Freebsd Freebsd 4.0 Freebsd Freebsd 4.1	38
OS	Openbsd Openbsd Openbsd 2.8	1

Exploit-Db

description	IPFilter 3.x Fragment Rule Bypass Vulnerability. CVE-2001-0402. Remote exploit for unix platform
id	EDB-ID:20730
last seen	2016-02-02
modified	2001-04-09
published	2001-04-09
reporter	Thomas Lopatic
source	https://www.exploit-db.com/download/20730/
title	IPFilter 3.x Fragment Rule Bypass Vulnerability

Vulnerabilities > CVE-2001-0402 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2001-0402"}]}

Summary

Vulnerable Configurations

Exploit-Db

References

Vulnerabilities > CVE-2001-0402