Vulnerabilities > CVE-2002-0047 - Unspecified vulnerability in Olaf Titz Cipe

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
olaf-titz
nessus
NVD
Published: 2002-01-31
Updated: 2024-11-20

Summary

CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet.

Vulnerable Configurations

Part Description Count
Application
Olaf_Titz
1

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-104.NASL
descriptionLarry McVoy found a bug in the packet handling code for the CIPE VPN package: it did not check if a received packet was too short and could crash.
last seen2020-06-01
modified2020-06-02
plugin id14941
published2004-09-29
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14941
titleDebian DSA-104-1 : cipe - DoS attack
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-104. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(14941);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:16");

  script_cve_id("CVE-2002-0047");
  script_xref(name:"DSA", value:"104");

  script_name(english:"Debian DSA-104-1 : cipe - DoS attack");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Larry McVoy found a bug in the packet handling code for the CIPE VPN
package: it did not check if a received packet was too short and could
crash."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-104"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"This has been fixed in version 1.3.0-3, and we recommend that you
upgrade your CIPE packages immediately.

Please note that the package only contains the required kernel patch,
you will have to manually build the kernel modules for your kernel
with the updated source from the cipe-source package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cipe");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/01/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"2.2", prefix:"cipe-common", reference:"1.3.0-3")) flag++;
if (deb_check(release:"2.2", prefix:"cipe-source", reference:"1.3.0-3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Redhat

advisories
rhsa
idRHSA-2002:007

References