Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2002-0381
Last Modified 05 Sep 2008 04:27:52
Published 25 Jun 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0381

Summary

The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.

Vulnerable Systems

Operating System

  • FreeBSD 4.5

  • NetBSD 2.0.4

  • OpenBSD


References

MISC - http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35022

BUGTRAQ - 20020317 TCP Connections to a Broadcast Address on BSD-Based Systems

BID - 4309

OSVDB - 5308

CONFIRM - http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110

XF - bsd-broadcast-address(8485)

CONFIRM - http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137

SGI - 20030604-01-I


Last Updated: 27 May 2016 10:36:54