CVE-2002-0237

Current Description

Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a flood of large ICMP ping packets.

Basic Data

PublishedMay 29, 2002
Last ModifiedOctober 18, 2016
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationIssBlackice Agent3.0*******
    2.3ApplicationIssBlackice Agent3.1*******
    2.3ApplicationIssBlackice Defender2.9*******
    2.3ApplicationIssBlackice Defender2.9cap*******
    2.3ApplicationIssBlackice Defender2.9caq*******
    2.3ApplicationIssRealsecure Server Sensor6.0.1*******
    2.3ApplicationIssRealsecure Server Sensor6.5*******

Vulnerable Software List

VendorProductVersions
Iss Blackice Agent 3.0, 3.1
Iss Blackice Defender 2.9, 2.9cap, 2.9caq
Iss Realsecure Server Sensor 6.0.1, 6.5

References

NameSourceURLTags
20020204 Vulnerability in Black ICE Defenderhttp://marc.info/?l=bugtraq&m=101286393404301&w=2BUGTRAQ
20020206 Black ICE Ping Vulnerability Side Notehttp://marc.info/?l=bugtraq&m=101302424803268&w=2BUGTRAQ
20020209 ALERT: ISS BlackICE Kernel Overflow Exploitablehttp://marc.info/?l=bugtraq&m=101321744807452&w=2BUGTRAQ
20020209 ALERT: ISS BlackICE Kernel Overflow Exploitablehttp://marc.info/?l=ntbugtraq&m=101353165915171&w=2NTBUGTRAQ
20020204 DoS and Potential Overflow Vulnerability in BlackICE Productshttp://www.iss.net/security_center/alerts/advise109.phpISSPatch Vendor Advisory
blackice-ping-flood-dos(8058)http://www.iss.net/security_center/static/8058.phpXFPatch Vendor Advisory
4025http://www.securityfocus.com/bid/4025BID