CVE-2002-1447
Published 2002-05-28
CVE-2002-1447: Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a…
Priority: P425, high, 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.46% (70.3th percentile)
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | vpn_client | <= 3.5.1 | — |
GHSA
GHSA-wqv5-wj63-xvh5: Buffer overflow in the vpnclient program for UNIX VPN Client before 3
ghsa_unreviewed·2022-04-30
CVE-2002-1447 [HIGH] GHSA-wqv5-wj63-xvh5: Buffer overflow in the vpnclient program for UNIX VPN Client before 3
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
Cisco
Buffer Overflow in UNIX VPN Client
vendor_cisco·2002-06-19
CVE-2002-1447 CWE-119 Buffer Overflow in UNIX VPN Client
A buffer overflow in the Cisco VPN Clients for Linux, Solaris, and Mac
OS X platforms can be exploited locally to gain administrative privileges on
the client system. The vulnerability can be mitigated by removing the "setuid"
permissions on the vpnclient binary executable file. The Cisco VPN Clients for
Windows platforms are not affected.
The vulnerability has been repaired in version 3.5.2. Cisco is making
fixed software available free to affected customers. This issue is documented
as CSCdx39290. Cisco is not aware of any public discussion or
active exploitation of this vulnerability.
The official current copy of this security advisory is available at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020619-uni
http://online.securityfocus.com/archive/1/277653
http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt
http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml
http://www.iss.net/security_center/static/9376.php
http://www.securityfocus.com/bid/5056