CVE-2002-0872

HIGH

Description

l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions.

References

http://www.debian.org/security/2002/dsa-152

http://www.iss.net/security_center/static/9845.php

http://www.securityfocus.com/bid/5451

Details

Source: MITRE

Published: 2002-09-05

Updated: 2008-09-10

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH