CVE-2002-0666

IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.

Published: Nov 4, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0666
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
frees_wan / frees_wan	1.9.1	1.9.1.x
frees_wan / frees_wan	1.9.2	1.9.2.x
frees_wan / frees_wan	1.9	1.9.x
frees_wan / frees_wan	1.9.6	1.9.6.x
frees_wan / frees_wan	1.9.4	1.9.4.x
frees_wan / frees_wan	1.9.3	1.9.3.x
frees_wan / frees_wan	1.9.5	1.9.5.x
netbsd / netbsd	1.5.3	1.5.3.x
netbsd / netbsd	1.5	1.5.x
freebsd / freebsd	4.6-stable	4.6-stable.x
freebsd / freebsd	4.6-release	4.6-release.x
netbsd / netbsd	1.6-beta	1.6-beta.x
netbsd / netbsd	1.5.1	1.5.1.x
netbsd / netbsd	1.5.2	1.5.2.x
apple / mac_os_x_server	10.2	10.2.x
freebsd / freebsd	4.6	4.6.x
apple / mac_os_x	10.2	10.2.x
global_technology_associates / gnat_box_firmware	3.3	3.3.x
nec / ix2010	-	-
nec / ix1011	-	-
nec / bluefire_ix1035_router	-	-
global_technology_associates / gnat_box_firmware	3.1	3.1.x
global_technology_associates / gnat_box_firmware	3.2	3.2.x
nec / ix1010	-	-
nec / ix1020	-	-
nec / ix1050	-	-

Vulnerability Database

289,599

CVE-2002-0666