VAR-200205-0150

Vulnerability from variot - Updated: 2025-04-03 22:26

Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. The Cisco VPN Client software is used to establish Virtual Private Network (VPN) connections between client machines and a Cisco VPN Concentrator. A vulnerability has been reported in some versions of the VPN Client. If an oversized profile name is passed to the vpnclient binary, a buffer overflow condition may occur. As vpnclient runs suid root, exploitation of this vulnerability will grant a local attacker root access to the vulnerable system. This vulnerability affects the VPN Client version 3.5.1 for Linux, Solaris and Mac OS X. Windows clients are not believed to be vulnerable. Earlier versions of the VPN Client may share this vulnerability, although this has not been confirmed. The Cisco VPN client is installed in the system with the suid root attribute by default, and the program does not correctly and sufficiently check the data the user submits to the "connect" parameter. A very long file name (over 520 bytes) submitted to the "connect" parameter can cause a buffer overflow, and carefully constructed file name data may execute arbitrary commands on the system with root privileges.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200205-0150",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vpn client",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "vpn client",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "vpn client for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "vpn client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x3.5.1"
      },
      {
        "model": "vpn client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "vpn client for solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5.2"
      },
      {
        "model": "vpn client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x3.5.2"
      },
      {
        "model": "vpn client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "5056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-052"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1447"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "methodic\u203b methodic@bigunz.angrypacket.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-052"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2002-1447",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2002-1447",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-5832",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2002-1447",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200205-052",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-5832",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5832"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-052"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1447"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. The Cisco VPN Client software is used to establish Virtual Private Network (VPN) connections between client machines and a Cisco VPN Concentrator. \nA vulnerability has been reported in some versions of the VPN Client. If an oversized profile name is passed to the vpnclient binary, a buffer overflow condition may occur. As vpnclient runs suid root, exploitation of this vulnerability will grant a local attacker root access to the vulnerable system. \nThis vulnerability affects the VPN Client version 3.5.1 for Linux, Solaris and Mac OS X. Windows clients are not believed to be vulnerable. Earlier versions of the VPN Client may share this vulnerability, although this has not been confirmed. The Cisco VPN client is installed in the system with the suid root attribute by default, and the program lacks correct and sufficient checks on the data submitted by the user to the \\\"connect\\\" parameter, and the attacker can submit a very long file name (over 520 bytes) to The \\\"connect\\\" parameter can cause a buffer overflow, and carefully constructing the file name data may execute arbitrary commands in the system with root privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-1447"
      },
      {
        "db": "BID",
        "id": "5056"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5832"
      }
    ],
    "trust": 1.26
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-5832",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5832"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "5056",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1447",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-052",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20020619 BUFFER OVERFLOW IN UNIX VPN CLIENT",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20020619 [AP] CISCO VPNCLIENT BUFFER OVERFLOW",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "9376",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "21568",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-75393",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-5832",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5832"
      },
      {
        "db": "BID",
        "id": "5056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-052"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1447"
      }
    ]
  },
  "id": "VAR-200205-0150",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5832"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:26:25.948000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-1447"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/5056"
      },
      {
        "trust": 1.7,
        "url": "http://online.securityfocus.com/archive/1/277653"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://sec.angrypacket.com/advisories/0002_ap.vpnclient.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.iss.net/security_center/static/9376.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/public/sw-center/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5832"
      },
      {
        "db": "BID",
        "id": "5056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-052"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1447"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-5832"
      },
      {
        "db": "BID",
        "id": "5056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-052"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1447"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-05-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5832"
      },
      {
        "date": "2002-06-19T00:00:00",
        "db": "BID",
        "id": "5056"
      },
      {
        "date": "2002-05-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200205-052"
      },
      {
        "date": "2002-05-28T04:00:00",
        "db": "NVD",
        "id": "CVE-2002-1447"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5832"
      },
      {
        "date": "2009-07-11T13:56:00",
        "db": "BID",
        "id": "5056"
      },
      {
        "date": "2005-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200205-052"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2002-1447"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "5056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-052"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unix Under Cisco VPN Client Local Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-052"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "5056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-052"
      }
    ],
    "trust": 0.9
  }
}



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

