CVE-2002-0666
https://notcve.org/view.php?id=CVE-2002-0666
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors. Implementaciones de IPSEC, incluyendo FreeS/WAN y KAME no calculan adecuadamente la longitud de los datos de autenticación, lo que permite a atacantes remotos causar una denegación de servicio (kernel panic) mediante paquetes Encapsulating Security Payload (EPS) cortos falsificados, lo que resulta en errores de enteros sin signos. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc http://razor.bindview.com/publish/advisories/adv_ipsec.html http://www.debian.org/security/2002/dsa-201 http://www.iss.net/security_center/static/10411.php http://www.kb.cert.org/vuls/id/459371 http://www.securityfocus.com/bid/6011 •
CVE-2002-1194
https://notcve.org/view.php?id=CVE-2002-1194
Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message. Desbordamiento de búfer en talkd en NetBSD 1.6 y anteriores, y posiblemente otros sistemas operativos, pueden permitir a atacantes remotos ejecutar código arbitrario mediante un mensaje largo entrante. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-019.txt.asc http://www.iss.net/security_center/static/10303.php http://www.securityfocus.com/bid/5910 •
CVE-2002-1192 – Rogue 5.3 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1192
Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allows local users to gain "games" group privileges via malformed entries in a game save file. • https://www.exploit-db.com/exploits/21881 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-021.txt.asc http://marc.info/?l=bugtraq&m=103342413220529&w=2 http://secunia.com/advisories/7181 http://secunia.com/advisories/7252 http://www.osvdb.org/6098 http://www.securityfocus.com/bid/5837 https://exchange.xforce.ibmcloud.com/vulnerabilities/10261 •
CVE-2002-1165 – Sendmail 8.12.x - SMRSH Double Pipe Access Validation
https://notcve.org/view.php?id=CVE-2002-1165
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified. Sendmail Consortium's Restricted Shell (SMRSH) en Sendmail 8.12.6, 8.11.6-15 y anteriores, permite a atacantes puentear las restricciones pretendidas de smrsh insertando caractéres adicionales después de secuencias "||" (dos barras verticales) o "/" (barra), que no son adecuadamente filtradas o verificadas. • https://www.exploit-db.com/exploits/21884 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000532 http://marc.info/?l=bugtraq&m=103350914307274&w=2 http://secunia.com/advisories/7826 http://www.iss.net/security_center/static/10232.php http://www.mandriva.com/security/advisories?name=MDKSA-2002:083 http://www.redhat.com/support/errata/RHSA-2003-073.html http://www.securityfocus.com/bi •
CVE-2002-0414
https://notcve.org/view.php?id=CVE-2002-0414
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. • http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0057.html http://orange.kame.net/dev/cvsweb.cgi/kame/CHANGELOG http://www.iss.net/security_center/static/8416.php http://www.osvdb.org/5304 http://www.securityfocus.com/archive/1/259598 http://www.securityfocus.com/bid/4224 •