Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0001

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0001
Last Modified 14 Apr 2015 09:59:13
Published 17 Jan 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0001

Summary

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

Vulnerable Systems

Operating System

  • Freebsd 4.2

  • Freebsd 4.3

  • Freebsd 4.4

  • Freebsd 4.5

  • Freebsd 4.6

  • Freebsd 4.7

  • Linux Kernel 2.4.1

  • Linux Kernel 2.4.10

  • Linux Kernel 2.4.11

  • Linux Kernel 2.4.12

  • Linux Kernel 2.4.13

  • Linux Kernel 2.4.14

  • Linux Kernel 2.4.15

  • Linux Kernel 2.4.16

  • Linux Kernel 2.4.17

  • Linux Kernel 2.4.18

  • Linux Kernel 2.4.19

  • Linux Kernel 2.4.2

  • Linux Kernel 2.4.20

  • Linux Kernel 2.4.3

  • Linux Kernel 2.4.4

  • Linux Kernel 2.4.5

  • Linux Kernel 2.4.6

  • Linux Kernel 2.4.7

  • Linux Kernel 2.4.8

  • Linux Kernel 2.4.9

  • Microsoft Windows 2000

  • Microsoft Windows 2000 Terminal Services

  • Netbsd 1.5

  • Netbsd 1.5.1

  • Netbsd 1.5.2

  • Netbsd 1.5.3

  • Netbsd 1.6


References

CERT-VN - VU#412115

REDHAT - RHSA-2003:025

MISC - http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf

ATSTAKE - A010603-1

BUGTRAQ - 20030110 More information regarding Etherleak

BUGTRAQ - 20030117 Re: More information regarding Etherleak

BUGTRAQ - 20030106 Etherleak: Ethernet frame padding information leakage (A010603-1)

REDHAT - RHSA-2003:088

OSVDB - 9962

SECUNIA - 7996

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

BUGTRAQ - 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE

MISC - http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html


Last Updated: 27 May 2016 11:07:35