CVE-2003-0001

Description

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

CVSS Metrics

• v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 4.32%• Percentile: 89%

Techniques & Countermeasures

• CWE-200•Exposure of Sensitive Information to an Unauthorized Actor

  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

• freebsd•freebsd

  4.2 | 4.3 | 4.4 | 4.5 | 4.6 | 4.7

• linux•linux_kernel

  2.4.1 | 2.4.2 | 2.4.3 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 | 2.4.9 | 2.4.10 | 2.4.11 | 2.4.12 | 2.4.13 | 2.4.14 | 2.4.15 | 2.4.16 | 2.4.17 | 2.4.18 | 2.4.19 | 2.4.20

• netbsd•netbsd

  1.5 | 1.5.1 | 1.5.2 | 1.5.3 | 1.6

References (15)

• http://www.securityfocus.com/archive/1/307564/30/26270/threaded
• http://www.securitytracker.com/id/1031583
• http://www.osvdb.org/9962
• http://www.redhat.com/support/errata/RHSA-2003-088.html
• http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
• http://marc.info/?l=bugtraq&m=104222046632243&w=2
• http://www.kb.cert.org/vuls/id/412115
• http://www.securityfocus.com/archive/1/305335/30/26420/threaded
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665
• http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
• http://www.redhat.com/support/errata/RHSA-2003-025.html
• http://secunia.com/advisories/7996
• http://www.atstake.com/research/advisories/2003/a010603-1.txt
• http://www.securitytracker.com/id/1040185
• http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf