Sign-up

ID

VAR-200212-0450


CVE

CVE-2002-1779


TITLE

Symantec Norton Personal Firewall 2002 Packet fragmentation vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-430

DESCRIPTION

The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305). It has been reported that NPW may not adequately filter packet fragments. In particular, denial of service attacks based on fragmented packets have been reported to work effectively against systems protected by NPW. This may happen even if the attacking address is entirely blocked from the system. These issues have not been confirmed

Trust: 1.35

sources: NVD: CVE-2002-1779 // BID: 4545 // VULHUB: VHN-6162 // VULMON: CVE-2002-1779

AFFECTED PRODUCTS

vendor:symantecmodel:norton personal firewallscope:eqversion:2002

Trust: 1.9

sources: BID: 4545 // CNNVD: CNNVD-200212-430 // NVD: CVE-2002-1779

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1779
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200212-430
value: HIGH

Trust: 0.6

VULHUB: VHN-6162
value: HIGH

Trust: 0.1

VULMON: CVE-2002-1779
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-1779
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-6162
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-6162 // VULMON: CVE-2002-1779 // CNNVD: CNNVD-200212-430 // NVD: CVE-2002-1779

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1779

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-430

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200212-430

EXTERNAL IDS

db:BIDid:4545

Trust: 2.1

db:NVDid:CVE-2002-1779

Trust: 1.8

db:CNNVDid:CNNVD-200212-430

Trust: 0.7

db:VULHUBid:VHN-6162

Trust: 0.1

db:VULMONid:CVE-2002-1779

Trust: 0.1

sources: VULHUB: VHN-6162 // VULMON: CVE-2002-1779 // BID: 4545 // CNNVD: CNNVD-200212-430 // NVD: CVE-2002-1779

REFERENCES

url:http://securityresponse.symantec.com/avcenter/security/content/2002.05.16.html

Trust: 2.1

url:http://www.securityfocus.com/bid/4545

Trust: 1.8

url:http://online.securityfocus.com/archive/1/267850

Trust: 1.2

url:http://www.symantec.com/sabu/nis/npf/

Trust: 0.3

url:http://windowsupdate.microsoft.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=3622

Trust: 0.1

sources: VULHUB: VHN-6162 // VULMON: CVE-2002-1779 // BID: 4545 // CNNVD: CNNVD-200212-430 // NVD: CVE-2002-1779

CREDITS

Discovered by Alfonso Fiore <afiore@secure-edge.com>.

Trust: 0.9

sources: BID: 4545 // CNNVD: CNNVD-200212-430

SOURCES

db:VULHUBid:VHN-6162
db:VULMONid:CVE-2002-1779
db:BIDid:4545
db:CNNVDid:CNNVD-200212-430
db:NVDid:CVE-2002-1779

LAST UPDATE DATE

2025-04-03T22:26:20.679000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-6162date:2008-09-05T00:00:00
db:VULMONid:CVE-2002-1779date:2008-09-05T00:00:00
db:BIDid:4545date:2002-04-16T00:00:00
db:CNNVDid:CNNVD-200212-430date:2005-10-20T00:00:00
db:NVDid:CVE-2002-1779date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:VULHUBid:VHN-6162date:2002-12-31T00:00:00
db:VULMONid:CVE-2002-1779date:2002-12-31T00:00:00
db:BIDid:4545date:2002-04-16T00:00:00
db:CNNVDid:CNNVD-200212-430date:2002-12-31T00:00:00
db:NVDid:CVE-2002-1779date:2002-12-31T05:00:00