CVE-2002-1978

IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-024.txt.asc
http://securitytracker.com/id?1005442	Patch
http://www.iss.net/security_center/static/10409.php	Patch
http://www.kb.cert.org/vuls/id/328867	US Government Resource
http://www.securityfocus.com/bid/6010	Patch
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-024.txt.asc
http://securitytracker.com/id?1005442	Patch
http://www.iss.net/security_center/static/10409.php	Patch
http://www.kb.cert.org/vuls/id/328867	US Government Resource
http://www.securityfocus.com/bid/6010	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:darren_reed:ipfilter:3.1.1:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.1.2:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.1.3:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.1.4:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.1.5:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.1.6:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.1.7:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.1.8:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.1.9:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.1.10:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.1:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.2:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.3:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.4:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.5:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.6:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.7:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.8:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.9:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.10:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.11:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.12:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.13:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.14:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.15:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.16:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.17:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.18:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.19:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.20:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.21:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.2.22:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.1:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.2:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.3:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.4:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.5:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.6:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.7:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.8:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.9:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.10:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.11:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.12:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.13:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.14:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.15:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.16:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.17:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.18:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.19:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.20:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.21:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.3.22:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.4.1:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.4.2:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.4.3:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.4.4:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.4.5:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.4.6:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.4.7:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.4.8:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.4.9:::::::*
	cpe:2.3:a:darren_reed:ipfilter:3.4.10:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.11:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.12:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.13:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.14:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.15:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.16:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.17:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.18:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.19:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.20:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.21:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.22:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.23:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.24:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.25:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.26:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.27:::::::*
cpe:2.3:a:darren_reed:ipfilter:3.4.28:::::::*

History

20 Nov 2024, 23:42

Type	Values Removed	Values Added
References	~~() ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-024.txt.asc -~~	() ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-024.txt.asc -
References	~~() http://securitytracker.com/id?1005442 - Patch~~	() http://securitytracker.com/id?1005442 - Patch
References	~~() http://www.iss.net/security_center/static/10409.php - Patch~~	() http://www.iss.net/security_center/static/10409.php - Patch
References	~~() http://www.kb.cert.org/vuls/id/328867 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/328867 - US Government Resource
References	~~() http://www.securityfocus.com/bid/6010 - Patch~~	() http://www.securityfocus.com/bid/6010 - Patch

Information

Published : 2002-12-31 05:00

Updated : 2024-11-20 23:42

NVD link : CVE-2002-1978

Mitre link : CVE-2002-1978

CVE.ORG link : CVE-2002-1978

JSON object : View

Products Affected

darren_reed

ipfilter

CWE

CWE-264

Permissions, Privileges, and Access Controls

7.5 /10