CVE-2002-0518 : The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and

The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart.

Published 2002-08-12 04:00:00

Updated 2008-09-05 20:28:14

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2002-0518

Freebsd » Freebsd » Version: 4.5 Update Stable
cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 4.5 Update Release
cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2002-0518

EPSS FAQ

1.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 84 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2002-0518

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2002-0518

http://www.iss.net/security_center/static/8873.php
http://www.securityfocus.com/bid/4524

Patch;Vendor Advisory
http://www.iss.net/security_center/static/8875.php

Patch;Vendor Advisory
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc

Jump to

Vulnerability Details : CVE-2002-0518

Products affected by CVE-2002-0518

Exploit prediction scoring system (EPSS) score for CVE-2002-0518

CVSS scores for CVE-2002-0518

References for CVE-2002-0518