CVE - CVE-2003-0001

CVE-ID
CVE-2003-0001	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
ATSTAKE:A010603-1 URL:~~http://www.atstake.com/research/advisories/2003/a010603-1.txt~~ (Obsolete source - check if archived by the Wayback Machine) BUGTRAQ:20030106 Etherleak: Ethernet frame padding information leakage (A010603-1) URL:http://www.securityfocus.com/archive/1/305335/30/26420/threaded BUGTRAQ:20030110 More information regarding Etherleak URL:http://marc.info/?l=bugtraq&m=104222046632243&w=2 BUGTRAQ:20030117 Re: More information regarding Etherleak URL:http://www.securityfocus.com/archive/1/307564/30/26270/threaded CERT-VN:VU#412115 URL:http://www.kb.cert.org/vuls/id/412115 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html MISC:~~http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf~~ (Obsolete source - check if archived by the Wayback Machine) OSVDB:9962 URL:~~http://www.osvdb.org/9962~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:2665 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665 REDHAT:RHSA-2003:025 URL:http://www.redhat.com/support/errata/RHSA-2003-025.html REDHAT:RHSA-2003:088 URL:http://www.redhat.com/support/errata/RHSA-2003-088.html SECTRACK:1031583 URL:http://www.securitytracker.com/id/1031583 SECTRACK:1040185 URL:http://www.securitytracker.com/id/1040185 SECUNIA:7996 URL:http://secunia.com/advisories/7996 VULNWATCH:20030110 More information regarding Etherleak URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
Assigning CNA
MITRE Corporation
Date Record Created
20030102	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20180116)
Votes (Legacy)
ACCEPT(3) Baker, Cole, Wall MODIFY(2) Cox, Frech NOOP(1) Christey
Comments (Legacy)
Christey> ENGARDE:ESA-20030318-009 URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html CHANGE> [Cox changed vote from ACCEPT to MODIFY] Cox> Addref: RHSA-2003:088 Christey> MANDRAKE:MDKSA-2003:039 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:039 Frech> XF:ethernet-driver-information-leak(10996) Christey> SGI:20030601-01-A Christey> DEBIAN:DSA-311 URL:http://www.debian.org/security/2003/dsa-311 Christey> MANDRAKE:MDKSA-2003:066 Christey> DEBIAN:DSA-332 URL:http://www.debian.org/security/2003/dsa-332 DEBIAN:DSA-336 URL:http://www.debian.org/security/2003/dsa-336 Christey> HP:HPSBUX0305-261 URL:http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0708.1 DEBIAN:DSA-312 URL:http://www.debian.org/security/2003/dsa-312 BID:6535 URL:http://www.securityfocus.com/bid/6535 Christey> MANDRAKE:MDKSA-2003:074 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:074 Christey> DEBIAN:DSA-423 URL:http://www.debian.org/security/2004/dsa-423 Christey> BUGTRAQ:20040207 [Fwd: zyxel prestige ethernet information leakage] URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107618991322594&w=2 Christey> DEBIAN:DSA-442 URL:http://www.debian.org/security/2004/dsa-442 Christey> SGI:20030601-01-I URL:ftp://patches.sgi.com/support/free/security/advisories/20030601-01-A Cox> Change description to say "in Linux 2.4 prior to 2.4.21" as this was fixed in Linux 2.4.21 by changesets committed by Alan Cox on 5th Feb 2003.
Proposed (Legacy)
20030317
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)