Vulnerability Details : CVE-2002-1500
Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET().
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2002-1500
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-1500
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2002-1500
-
http://www.securityfocus.com/bid/5727
Patch;Vendor Advisory
-
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-014.txt.asc
-
http://www.iss.net/security_center/static/10114.php
Patch;Vendor Advisory
Products affected by CVE-2002-1500
- cpe:2.3:o:netbsd:netbsd:1.4:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4:*:x86:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.1:*:x86:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.1:*:alpha:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.2:*:arm32:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.2:*:x86:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.1:*:arm32:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.1:*:sparc:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.2:*:alpha:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.2:*:sparc:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5:*:sh3:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.1:*:sh3:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5:*:x86:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4:*:arm32:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4:*:sparc:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4:*:alpha:*:*:*:*:*