Vulnerabilities > CVE-2002-0666

IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.

Vulnerable Configurations

Part	Description	Count
Application	Frees_Wan Frees WAN Frees WAN 1.9.1 Frees WAN Frees WAN 1.9.2 Frees WAN Frees WAN 1.9 Frees WAN Frees WAN 1.9.6 Frees WAN Frees WAN 1.9.4 Frees WAN Frees WAN 1.9.3 Frees WAN Frees WAN 1.9.5	7
OS	Netbsd Netbsd Netbsd 1.5.3 Netbsd Netbsd 1.5 Netbsd Netbsd 1.6 Netbsd Netbsd 1.5.1 Netbsd Netbsd 1.5.2	7
OS	Freebsd Freebsd Freebsd 4.6	3
OS	Apple Apple MAC OS X Server 10.2 Apple MAC OS X 10.2	2
Hardware	Global_Technology_Associates Global Technology Associates Gnat BOX Firmware 3.3 Global Technology Associates Gnat BOX Firmware 3.1 Global Technology Associates Gnat BOX Firmware 3.2	3
Hardware	Nec NEC Ix2010 * NEC Ix1011 * NEC Bluefire Ix1035 Router * NEC Ix1010 * NEC Ix1020 * NEC Ix1050 *	6

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-201.NASL
description	Bindview discovered a problem in several IPSEC implementations that do not properly handle certain very short packets. IPSEC is a set of security extensions to IP which provide authentication and encryption. Free/SWan in Debian is affected by this and is said to cause a kernel panic.
last seen	2020-06-01
modified	2020-06-02
plugin id	15038
published	2004-09-29
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15038
title	Debian DSA-201-1 : freeswan - denial of service
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-201. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15038); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2002-0666"); script_xref(name:"CERT", value:"459371"); script_xref(name:"DSA", value:"201"); script_name(english:"Debian DSA-201-1 : freeswan - denial of service"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Bindview discovered a problem in several IPSEC implementations that do not properly handle certain very short packets. IPSEC is a set of security extensions to IP which provide authentication and encryption. Free/SWan in Debian is affected by this and is said to cause a kernel panic." ); script_set_attribute( attribute:"see_also", value:"http://razor.bindview.com/publish/advisories/adv_ipsec.html" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2002/dsa-201" ); script_set_attribute( attribute:"solution", value: "Upgrade the freeswan package. This problem has been fixed in version 1.96-1.4 for the current stable distribution (woody) and in version 1.99-1 for the unstable distribution (sid). The old stable distribution (potato) does not contain Free/SWan packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:freeswan"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2002/12/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"freeswan", reference:"1.96-1.4")) flag++; if (deb_check(release:"3.0", prefix:"kernel-patch-freeswan", reference:"1.96-1.4")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Vulnerabilities > CVE-2002-0666 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2002-0666"}]}

Summary

Vulnerable Configurations

Nessus

References

Vulnerabilities > CVE-2002-0666