{"api_version":"1","generated_at":"2026-04-23T06:08:03+00:00","cve":"CVE-2002-0884","urls":{"html":"https://cve.report/CVE-2002-0884","api":"https://cve.report/api/cve/CVE-2002-0884.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2002-0884","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2002-0884"},"summary":{"title":"CVE-2002-0884","description":"Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error.","state":"PUBLISHED","assigner":"mitre","published_at":"2002-10-04 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt","name":"ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://www.securityfocus.com/bid/4791","name":"http://www.securityfocus.com/bid/4791","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Multiple Vendor In.Rarpd Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.iss.net/security_center/static/9150.php","name":"http://www.iss.net/security_center/static/9150.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"ISS X-Force Database: solaris-inrarpd-code-execution (9150): Solaris in.rarpd multiple buffer overflows and format strings could allow an attacker to execute arbitrary code","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html","name":"http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Neohapsis Archives - VulnWatch - [VulnWatch] [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd - From davidreign@hotmail.com","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://online.securityfocus.com/archive/1/273584","name":"http://online.securityfocus.com/archive/1/273584","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus HOME Mailing List: BugTraq","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2002-0884","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-0884","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2002","cve_id":"884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"caldera","cpe5":"openunix","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"caldera","cpe5":"unixware","cpe6":"7.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"sun","cpe5":"sunos","cpe6":"5.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"sun","cpe5":"sunos","cpe6":"5.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T03:03:49.268Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"4791","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/4791"},{"name":"20020521 [VulnWatch] [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd","tags":["mailing-list","x_refsource_VULNWATCH","x_transferred"],"url":"http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html"},{"name":"20020522 [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://online.securityfocus.com/archive/1/273584"},{"name":"CSSA-2002-SCO.29","tags":["vendor-advisory","x_refsource_CALDERA","x_transferred"],"url":"ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt"},{"name":"solaris-inrarpd-code-execution(9150)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"http://www.iss.net/security_center/static/9150.php"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2002-05-22T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2002-09-10T09:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"4791","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/4791"},{"name":"20020521 [VulnWatch] [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd","tags":["mailing-list","x_refsource_VULNWATCH"],"url":"http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html"},{"name":"20020522 [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://online.securityfocus.com/archive/1/273584"},{"name":"CSSA-2002-SCO.29","tags":["vendor-advisory","x_refsource_CALDERA"],"url":"ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt"},{"name":"solaris-inrarpd-code-execution(9150)","tags":["vdb-entry","x_refsource_XF"],"url":"http://www.iss.net/security_center/static/9150.php"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2002-0884","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"4791","refsource":"BID","url":"http://www.securityfocus.com/bid/4791"},{"name":"20020521 [VulnWatch] [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd","refsource":"VULNWATCH","url":"http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html"},{"name":"20020522 [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd","refsource":"BUGTRAQ","url":"http://online.securityfocus.com/archive/1/273584"},{"name":"CSSA-2002-SCO.29","refsource":"CALDERA","url":"ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt"},{"name":"solaris-inrarpd-code-execution(9150)","refsource":"XF","url":"http://www.iss.net/security_center/static/9150.php"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2002-0884","datePublished":"2002-08-31T04:00:00.000Z","dateReserved":"2002-08-16T00:00:00.000Z","dateUpdated":"2024-08-08T03:03:49.268Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2002-10-04 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:caldera:unixware:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"9341A7B9-9087-4022-BA1C-254B0050FA88"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:caldera:openunix:8.0:*:*:*:*:*:*:*","matchCriteriaId":"979D9A9B-2A7E-40D4-846C-A195EC89CCEA"},{"vulnerable":true,"criteria":"cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*","matchCriteriaId":"08003947-A4F1-44AC-84C6-9F8D097EB759"},{"vulnerable":true,"criteria":"cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*","matchCriteriaId":"A2475113-CFE4-41C8-A86F-F2DA6548D224"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2002","CveId":"884","Ordinal":"1","Title":"CVE-2002-0884","CVE":"CVE-2002-0884","Year":"2002"},"notes":[{"CveYear":"2002","CveId":"884","Ordinal":"1","NoteData":"Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error.","Type":"Description","Title":"CVE-2002-0884"},{"CveYear":"2002","CveId":"884","Ordinal":"2","NoteData":"2002-08-31","Type":"Other","Title":"Published"},{"CveYear":"2002","CveId":"884","Ordinal":"3","NoteData":"2002-09-10","Type":"Other","Title":"Modified"}]}}}