CVE-2002-1500
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/04/2003
Last modified:
03/04/2025
Description
Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET().
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:netbsd:netbsd:1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4:*:alpha:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4:*:arm32:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4:*:sparc:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4:*:x86:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4.1:*:alpha:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4.1:*:arm32:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4.1:*:sh3:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4.1:*:sparc:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4.1:*:x86:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4.2:*:alpha:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4.2:*:arm32:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.4.2:*:sparc:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-014.txt.asc
- http://www.iss.net/security_center/static/10114.php
- http://www.securityfocus.com/bid/5727
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-014.txt.asc
- http://www.iss.net/security_center/static/10114.php
- http://www.securityfocus.com/bid/5727