VAR-200212-0116
Vulnerability from variot - Updated: 2025-04-03 22:19configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when downloaded from monkey.org on May 17, 2002, has been modified to contain a backdoor, which allows remote attackers to access the system. The server hosting fragroute, fragrouter, and dsniff, www.monkey.org, was compromised recently. It has been reported that the intruder made modifications to the source code of fragroute, fragrouter and dsniff to include a backdoor. This backdoor allowed a user from the IP address 216.80.99.202 to remotely execute commands on the host that it was installed on. The source code is reported to have been corrupted on May 17, 2002. Downloads of the source from monkey.org during this time likely contain the trojan code. A confirmed MD5 sum of a contaminated archive is: 65edbfc51f8070517f14ceeb8f721075 If a fragroute install was based on an archive with this MD5 sum, it is likely that the backdoor code was executed. It is possible for other backdoored archives to have different MD5 sums. If it is believed that a trojan horse copy of fragroute has been installed, administrators should remove systems from the network and thoroughly inspect/clean the system. As of this writing (05-31-2002), the current version available from monkey.org has the following MD5 sum: 7e4de763fae35a50e871bdcd1ac8e23a It is believed that this version is clean. Caution should still be exercised when building and installing. Dsniff 2.3, fragroute 1.2, and fragrouter 1.6 configurations are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0116",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fragroute",
"scope": "eq",
"trust": 1.6,
"vendor": "dug song",
"version": "1.2"
},
{
"model": "fragrouter",
"scope": "eq",
"trust": 1.6,
"vendor": "dug song",
"version": "1.6"
},
{
"model": "dsniff",
"scope": "eq",
"trust": 1.6,
"vendor": "dug song",
"version": "2.3"
},
{
"model": "song fragrouter",
"scope": "eq",
"trust": 0.3,
"vendor": "dug",
"version": "1.6"
},
{
"model": "song fragroute",
"scope": "eq",
"trust": 0.3,
"vendor": "dug",
"version": "1.2"
},
{
"model": "song dsniff",
"scope": "eq",
"trust": 0.3,
"vendor": "dug",
"version": "2.3"
}
],
"sources": [
{
"db": "BID",
"id": "4898"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-452"
},
{
"db": "NVD",
"id": "CVE-2002-2049"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability announced by Anders Nordby \u003canders@fix.no\u003e.",
"sources": [
{
"db": "BID",
"id": "4898"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-452"
}
],
"trust": 0.9
},
"cve": "CVE-2002-2049",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-2049",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-6432",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-2049",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-452",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-6432",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6432"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-452"
},
{
"db": "NVD",
"id": "CVE-2002-2049"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when downloaded from monkey.org on May 17, 2002, has been modified to contain a backdoor, which allows remote attackers to access the system. The server hosting fragroute, fragrouter, and dsniff, www.monkey.org, was compromised recently. It has been reported that the intruder made modifications to the source code of fragroute, fragrouter and dsniff to include a backdoor. This backdoor allowed a user from the IP address 216.80.99.202 to remotely execute commands on the host that it was installed on. The source code is reported to have been corrupted on May 17, 2002. Downloads of the source from monkey.org during this time likely contain the trojan code. \nA confirmed MD5 sum of a contaminated archive is:\n65edbfc51f8070517f14ceeb8f721075\nIf a fragroute install was based on an archive with this MD5 sum, it is likely that the backdoor code was executed. It is possible for other backdoored archives to have different MD5 sums. If it is believed that a trojan horse copy of fragroute has been installed, administrators should remove systems from the network and thoroughly inspect/clean the system. \nAs of this writing (05-31-2002), the current version available from monkey.org has the following MD5 sum:\n7e4de763fae35a50e871bdcd1ac8e23a\nIt is believed that this version is clean. Caution should still be exercised when building and installing. Dsniff 2.3, fragroute 1.2, and fragrouter 1.6 configurations are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2049"
},
{
"db": "BID",
"id": "4898"
},
{
"db": "VULHUB",
"id": "VHN-6432"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "4898",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-2049",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200212-452",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20020531 TROJAN/BACKDOOR IN FRAGROUTE 1.2 SOURCE DISTRIBUTION",
"trust": 0.6
},
{
"db": "XF",
"id": "9272",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6432",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6432"
},
{
"db": "BID",
"id": "4898"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-452"
},
{
"db": "NVD",
"id": "CVE-2002-2049"
}
]
},
"id": "VAR-200212-0116",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6432"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:19:26.121000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2049"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=38716"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/4898"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0281.html"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9272.php"
},
{
"trust": 0.3,
"url": "http://www.monkey.org/~dugsong/fragroute/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6432"
},
{
"db": "BID",
"id": "4898"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-452"
},
{
"db": "NVD",
"id": "CVE-2002-2049"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6432"
},
{
"db": "BID",
"id": "4898"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-452"
},
{
"db": "NVD",
"id": "CVE-2002-2049"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6432"
},
{
"date": "2002-05-31T00:00:00",
"db": "BID",
"id": "4898"
},
{
"date": "2002-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-452"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-2049"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6432"
},
{
"date": "2002-05-31T00:00:00",
"db": "BID",
"id": "4898"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-452"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-2049"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-452"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fragroute/Dsniff/Fragrouter Configuration script Trojan vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-452"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "4898"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-452"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…