Vulnerability CVE-2003-0001
Published: 2003-01-17   Modified: 2012-02-12

Description:
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

See advisories in our WLB2 database:
Topic
Author
Date
High
Cisco ASA Ethernet Information Leak
prdelka
11.06.2013

Type:

CWE-200

 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Netbsd -> Netbsd 
Microsoft -> Windows 2000 
Microsoft -> Windows 2000 terminal services 
Linux -> Linux kernel 
Freebsd -> Freebsd 

 References:
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
http://marc.info/?l=bugtraq&m=104222046632243&w=2
http://www.atstake.com/research/advisories/2003/a010603-1.txt
http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
http://www.kb.cert.org/vuls/id/412115
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.redhat.com/support/errata/RHSA-2003-025.html
http://www.redhat.com/support/errata/RHSA-2003-088.html
http://www.securityfocus.com/archive/1/305335/30/26420/threaded
http://www.securityfocus.com/archive/1/307564/30/26270/threaded
http://www.securitytracker.com/id/1031583
http://www.securitytracker.com/id/1040185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665
Copyright 2024, cxsecurity.com

 

Back to Top