Vulnerabilities > CVE-2002-2280 - Configuration vulnerability in Openbsd

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

openbsd

CWE-16

NVD

Published: 2002-12-31

Updated: 2018-10-30

Summary

syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.

Vulnerable Configurations

Part	Description	Count
OS	Openbsd Openbsd Openbsd 2.9 Openbsd Openbsd 3.0 Openbsd Openbsd 3.1 Openbsd Openbsd 3.2	4

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://archives.neohapsis.com/archives/bugtraq/2002-11/0272.html
http://www.securityfocus.com/bid/6219
https://exchange.xforce.ibmcloud.com/vulnerabilities/10702