ID CVE-2003-0001
Summary Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
References
Vulnerable Configurations
  • FreeBSD 4.2
    cpe:2.3:o:freebsd:freebsd:4.2
  • FreeBSD 4.3
    cpe:2.3:o:freebsd:freebsd:4.3
  • FreeBSD 4.4
    cpe:2.3:o:freebsd:freebsd:4.4
  • FreeBSD 4.5
    cpe:2.3:o:freebsd:freebsd:4.5
  • FreeBSD 4.6
    cpe:2.3:o:freebsd:freebsd:4.6
  • FreeBSD 4.7
    cpe:2.3:o:freebsd:freebsd:4.7
  • Linux Kernel 2.4.1
    cpe:2.3:o:linux:linux_kernel:2.4.1
  • Linux Kernel 2.4.2
    cpe:2.3:o:linux:linux_kernel:2.4.2
  • Linux Kernel 2.4.3
    cpe:2.3:o:linux:linux_kernel:2.4.3
  • Linux Kernel 2.4.4
    cpe:2.3:o:linux:linux_kernel:2.4.4
  • Linux Kernel 2.4.5
    cpe:2.3:o:linux:linux_kernel:2.4.5
  • Linux Kernel 2.4.6
    cpe:2.3:o:linux:linux_kernel:2.4.6
  • Linux Kernel 2.4.7
    cpe:2.3:o:linux:linux_kernel:2.4.7
  • Linux Kernel 2.4.8
    cpe:2.3:o:linux:linux_kernel:2.4.8
  • Linux Kernel 2.4.9
    cpe:2.3:o:linux:linux_kernel:2.4.9
  • Linux Kernel 2.4.10
    cpe:2.3:o:linux:linux_kernel:2.4.10
  • Linux Kernel 2.4.11
    cpe:2.3:o:linux:linux_kernel:2.4.11
  • Linux Kernel 2.4.12
    cpe:2.3:o:linux:linux_kernel:2.4.12
  • Linux Kernel 2.4.13
    cpe:2.3:o:linux:linux_kernel:2.4.13
  • Linux Kernel 2.4.14
    cpe:2.3:o:linux:linux_kernel:2.4.14
  • Linux Kernel 2.4.15
    cpe:2.3:o:linux:linux_kernel:2.4.15
  • Linux Kernel 2.4.16
    cpe:2.3:o:linux:linux_kernel:2.4.16
  • Linux Kernel 2.4.17
    cpe:2.3:o:linux:linux_kernel:2.4.17
  • Linux Kernel 2.4.18
    cpe:2.3:o:linux:linux_kernel:2.4.18
  • Linux Kernel 2.4.19
    cpe:2.3:o:linux:linux_kernel:2.4.19
  • Linux Kernel 2.4.20
    cpe:2.3:o:linux:linux_kernel:2.4.20
  • Microsoft Windows 2000
    cpe:2.3:o:microsoft:windows_2000
  • Microsoft Windows 2000 SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1
  • Microsoft Windows 2000 SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2
  • Microsoft Windows 2000 Terminal Services
    cpe:2.3:o:microsoft:windows_2000_terminal_services
  • Microsoft Windows 2000 Terminal Services Service Pack 1
    cpe:2.3:o:microsoft:windows_2000_terminal_services:-:sp1
  • Microsoft Windows 2000 Terminal Services Service Pack 2
    cpe:2.3:o:microsoft:windows_2000_terminal_services:-:sp2
  • NetBSD 1.5
    cpe:2.3:o:netbsd:netbsd:1.5
  • NetBSD 1.5.1
    cpe:2.3:o:netbsd:netbsd:1.5.1
  • NetBSD 1.5.2
    cpe:2.3:o:netbsd:netbsd:1.5.2
  • NetBSD 1.5.3
    cpe:2.3:o:netbsd:netbsd:1.5.3
  • NetBSD 1.6
    cpe:2.3:o:netbsd:netbsd:1.6
CVSS
Base: 5.0 (as of 13-06-2016 - 11:15)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: NONE
exploit-db via4
  • description Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure. CVE-2003-0001. Remote exploit for unix platform
    id EDB-ID:22131
    last seen 2016-02-02
    modified 2007-03-23
    published 2007-03-23
    reporter Jon Hart
    source https://www.exploit-db.com/download/22131/
    title Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure
  • description Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak. CVE-2003-0001. Dos exploit for hardware platform
    id EDB-ID:26076
    last seen 2016-02-03
    modified 2013-06-10
    published 2013-06-10
    reporter prdelka
    source https://www.exploit-db.com/download/26076/
    title Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak
  • description Ethernet Device Drivers Frame Padding Info Leakage Exploit (Etherleak). CVE-2003-0001. Remote exploits for multiple platform
    id EDB-ID:3555
    last seen 2016-01-31
    modified 2007-03-23
    published 2007-03-23
    reporter Jon Hart
    source https://www.exploit-db.com/download/3555/
    title Ethernet Device Drivers Frame Padding - Info Leakage Exploit Etherleak
nessus via4
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_JSA10579.NASL
    description According to its self-reported version number, the remote Junos device has an information disclosure vulnerability. SRX1400, SRX3400, and SRX3600 services gateways pad Ethernet packets with data from previous packets instead of padding them with null bytes. A remote, unauthenticated attacker could exploit this to gain access to sensitive information, which could be used to mount further attacks.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 68912
    published 2013-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68912
    title Juniper Junos SRX1400/3400/3600 Etherleak Information Disclosure (JSA10579)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-039.NASL
    description A number of vulnerabilities have been found in the Linux 2.2 kernel that have been addressed with the latest 2.2.25 release. A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute : echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content '/sbin/modprobe' in the /proc/sys/kernel/modprobe file. The root user can still manually load kernel modules with this workaround in place. As well, multiple ethernet device drivers do not pad frames with null bytes, which could allow remote attackers to obtain information from previous packets or kernel memory by using malformed packets. Finally, the 2.2 kernel allows local users to cause a crash of the host system by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface. All users are encouraged to upgrade to the latest kernel version provided. For instructions on how to upgrade your kernel in Mandrake Linux, please refer to : http://www.mandrakesecure.net/en/kernelupdate.php
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14023
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14023
    title Mandrake Linux Security Advisory : kernel22 (MDKSA-2003:039)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS_JAN2015_SRU11_1_11_4_0.NASL
    description This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. (CVE-2003-0001) - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC Utility). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2015-0429) - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC Utility). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. (CVE-2015-0430)
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 80936
    published 2015-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80936
    title Oracle Solaris Critical Patch Update : jan2015_SRU11_1_11_4_0
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_125907-02.NASL
    description Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 107944
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107944
    title Solaris 10 (x86) : 125907-02
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_28143.NASL
    description s700_800 11.00 LAN product cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 16670
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16670
    title HP-UX PHNE_28143 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_29244.NASL
    description s700_800 11.04 (VVOS) EISA 100BT cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 16926
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16926
    title HP-UX PHNE_29244 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)
  • NASL family Misc.
    NASL id ETHERLEAK.NASL
    description The remote host uses a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory allocated to the device driver, or a hardware buffer on its network interface card. Known as 'Etherleak', this information disclosure vulnerability may allow an attacker to collect sensitive information from the affected host provided he is on the same physical subnet as that host.
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 11197
    published 2003-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11197
    title Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak)
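The Summary above and the ETHERLEAK.NASL description turn on the same mechanism: a frame shorter than the 60-byte Ethernet minimum has to be padded, and a driver that pads from a reused transmit buffer instead of with zeros sends out whatever that buffer held before. The C program below is an added example written for this page; it is not code from the page, from Jon Hart's Etherleak tool or from Tenable's plugin. It models a driver transmit path twice (a hypothetical reusable ring slot, first reused unchanged, then with the padding zeroed as the kernel fixes do) and runs the two checks a scanner applies to captured replies: padding that is not all zero, and padding that changes between probes. The 46-byte ICMP echo probe and the 200-byte frame standing in for sensitive data are constructed inline with zero checksums; no NIC or packet capture is involved.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN  14      /* dst(6) + src(6) + ethertype(2) */
#define ETH_ZLEN  60      /* minimum frame length on the wire, FCS excluded */
#define FRAME_MAX 1514
#define ETH_P_IP  0x0800
typedef size_t (*tx_fn)(const uint8_t *frame, size_t len, uint8_t *wire);

/* One reusable transmit buffer, as a driver ring slot would be. Hypothetical
 * driver model; not code from any driver named in the advisories. */
static uint8_t tx_slot[FRAME_MAX];

/* Vulnerable transmit path: the short frame is copied into the slot and ETH_ZLEN
 * bytes go to the NIC, so bytes [len, ETH_ZLEN) carry the previous frame's data. */
static size_t tx_vulnerable(const uint8_t *frame, size_t len, uint8_t *wire) {
    size_t wire_len = len < ETH_ZLEN ? ETH_ZLEN : len;
    memcpy(tx_slot, frame, len);
    memcpy(wire, tx_slot, wire_len);
    return wire_len;
}

/* Fixed transmit path: the padding is zeroed before the frame is handed over,
 * the effect of padding the skb to ETH_ZLEN in the kernel fix. */
static size_t tx_fixed(const uint8_t *frame, size_t len, uint8_t *wire) {
    memcpy(tx_slot, frame, len);
    if (len < ETH_ZLEN) {
        memset(tx_slot + len, 0, ETH_ZLEN - len);
        len = ETH_ZLEN;
    }
    memcpy(wire, tx_slot, len);
    return len;
}

/* Scanner side: the trailer of a captured IPv4 frame is everything after the IP
 * datagram. Sets *trailer, returns its length, or -1 if not IPv4 / malformed. */
static int find_trailer(const uint8_t *frame, size_t len, const uint8_t **trailer) {
    if (len < ETH_HLEN + 20) return -1;
    unsigned ethertype = (unsigned)frame[12] << 8 | frame[13];
    if (ethertype != ETH_P_IP || (frame[ETH_HLEN] >> 4) != 4) return -1;
    size_t ip_total = (size_t)frame[ETH_HLEN + 2] << 8 | frame[ETH_HLEN + 3];
    if (ip_total < 20 || ETH_HLEN + ip_total > len) return -1;
    *trailer = frame + ETH_HLEN + ip_total;
    return (int)(len - ETH_HLEN - ip_total);
}

/* Constructed 46-byte probe: Ethernet + 20-byte IPv4 + 8-byte ICMP echo request
 * + 4 data bytes, checksums left zero. The driver must add 14 bytes of padding. */
static size_t build_short_probe(uint8_t *out, uint8_t seq) {
    static const uint8_t hdr[] = {
        0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
        0x45,0x00, 0x00,0x20, 0x00,0x00, 0x00,0x00, 0x40,0x01, 0x00,0x00,
        10,0,0,1, 10,0,0,2, 0x08,0x00, 0x00,0x00, 0x00,0x01, 0x00,0x00 };
    memcpy(out, hdr, sizeof hdr);
    out[41] = seq;                       /* ICMP sequence number, low byte */
    memset(out + sizeof hdr, 0xEE, 4);   /* echo payload */
    return sizeof hdr + 4;
}

/* Transmit one large frame filled with `fill` (standing in for sensitive data),
 * then one short probe; copy the probe's on-wire trailer to t, return its length. */
static int probe_after(tx_fn tx, uint8_t fill, uint8_t seq, uint8_t *t) {
    uint8_t big[200], probe[ETH_ZLEN], wire[FRAME_MAX];
    const uint8_t *tr;
    memset(big, fill, sizeof big);
    tx(big, sizeof big, wire);
    size_t wire_len = tx(probe, build_short_probe(probe, seq), wire);
    int n = find_trailer(wire, wire_len, &tr);
    if (n > 0) memcpy(t, tr, (size_t)n);
    return n;
}

/* Etherleak signature 1: padding is not all zeros. Returns the non-zero count. */
static int leaked_bytes(tx_fn tx) {
    uint8_t t[ETH_ZLEN];
    int n = probe_after(tx, 'S', 1, t), leaked = 0;
    for (int i = 0; i < n; i++) leaked += (t[i] != 0);
    return leaked;
}

/* Etherleak signature 2: the padding changes from one probe to the next. */
static bool padding_varies(tx_fn tx) {
    uint8_t t1[ETH_ZLEN], t2[ETH_ZLEN];
    int n1 = probe_after(tx, 'A', 1, t1), n2 = probe_after(tx, 'B', 2, t2);
    return n1 != n2 || memcmp(t1, t2, (size_t)n1) != 0;
}

int main(void) {
    printf("vulnerable: leaked=%d varies=%d\n", leaked_bytes(tx_vulnerable), (int)padding_varies(tx_vulnerable));
    printf("fixed:      leaked=%d varies=%d\n", leaked_bytes(tx_fixed), (int)padding_varies(tx_fixed));
    return 0;
}
```

Build with `cc -Wall etherleak_demo.c`. Against a real host the same find_trailer() logic is applied to ICMP echo replies captured from the wire, and the probe has to be small enough that the reply's IP datagram ends below 46 bytes, otherwise the driver has nothing to pad and the check sees nothing. The subnet caveat in the plugin description follows from the same fact: a router forwards only the IP datagram and builds a fresh frame, so the trailer never survives a layer-3 hop.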
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_28636.NASL
    description s700_800 11.00 EISA 100BT cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 17417
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17417
    title HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-423.NASL
    description The IA-64 maintainers fixed several security related bugs in the Linux kernel 2.4.17 used for the IA-64 architecture, mostly by backporting fixes from 2.4.18. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project : - CAN-2003-0001 : Multiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. - CAN-2003-0018 : Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. - CAN-2003-0127 : The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process which is spawned by the kernel. - CAN-2003-0461 : The virtual file /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. - CAN-2003-0462 : A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). - CAN-2003-0476 : The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. - CAN-2003-0501 : The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries. 
    - CAN-2003-0550 : The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. - CAN-2003-0551 : The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service. - CAN-2003-0552 : Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. - CAN-2003-0961 : An integer overflow in brk system call (do_brk function) for Linux kernel 2.4.22 and earlier allows local users to gain root privileges. - CAN-2003-0985 : The mremap system call (do_mremap) in Linux kernel 2.4 and 2.6 does not properly perform boundary checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15260
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15260
    title Debian DSA-423-1 : linux-kernel-2.4.17-ia64 - several vulnerabilities
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_125907.NASL
    description Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. This plugin has been deprecated and either replaced with individual 125907 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 69906
    published 2013-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69906
    title Solaris 10 (x86) : 125907-02 (deprecated)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_29267.NASL
    description s700_800 11.04 (VVOS) LAN product cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 17420
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17420
    title HP-UX PHNE_29267 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-066.NASL
    description Multiple vulnerabilities were discovered and fixed in the Linux kernel. - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. - CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CVE-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. - CVE-2003-0462: A file read race existed in the execve() system call. As well, a number of bug fixes were made in the 9.1 kernel including : - Support for more machines that did not work with APIC - Audigy2 support - New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394, orinoco, via-rhine, - Fixed SiS IOAPIC - IRQ balancing has been fixed for SMP - Updates to ext3 - The previous ptrace fix has been redone to work better - Bugs with compiling kernels using xconfig have been fixed - Problems with ipsec have been corrected - XFS ACLs are now present - gdb not working on XFS root filesystems has been fixed MandrakeSoft encourages all users to upgrade to these new kernels. Updated kernels will be available shortly for other supported platforms and architectures. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. 
    Update : The kernels provided in MDKSA-2003:066-1 (2.4.21-0.24mdk) had a problem where all files created on any filesystem other than XFS, and using any kernel other than kernel-secure, would be created with mode 0666, or world writeable. The 0.24mdk kernels have been removed from the mirrors and users are encouraged to upgrade and remove those kernels from their systems to prevent accidentally booting into them. That issue has been addressed and fixed with these new kernels.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 14049
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14049
    title Mandrake Linux Security Advisory : kernel (MDKSA-2003:066-2)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-442.NASL
    description Several security related problems have been fixed in the Linux kernel 2.4.17 used for the S/390 architecture, mostly by backporting fixes from 2.4.18 and incorporating recent security fixes. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project : - CVE-2002-0429 : The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). - CAN-2003-0001 : Multiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. - CAN-2003-0244 : The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CAN-2003-0246 : The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CAN-2003-0247 : A vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ('kernel oops'). - CAN-2003-0248 : The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. - CAN-2003-0364 : The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions. - CAN-2003-0961 : An integer overflow in brk() system call (do_brk() function) for Linux allows a local attacker to gain root privileges. Fixed upstream in Linux 2.4.23. 
    - CAN-2003-0985 : Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug. Fixed upstream in Linux 2.4.24. - CAN-2004-0077 : Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15279
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15279
    title Debian DSA-442-1 : linux-kernel-2.4.17-s390 - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-312.NASL
    description A number of vulnerabilities have been discovered in the Linux kernel. CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ('kernel oops'). CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions. This advisory covers only the powerpc architecture. Other architectures will be covered by separate advisories.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15149
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15149
    title Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-332.NASL
    description A number of vulnerabilities have been discovered in the Linux kernel. - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall) - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets - CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel - CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ('kernel oops') - CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. - CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions This advisory provides corrected source code for Linux 2.4.17, and corrected binary kernel images for the mips and mipsel architectures. Other versions and architectures will be covered by separate advisories.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15169
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15169
    title Debian DSA-332-1 : linux-kernel-2.4.17 - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-336.NASL
    description A number of vulnerabilities have been discovered in the Linux kernel. - CAN-2002-1380: Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface. - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. - CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. - CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CAN-2003-0247: A vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ('kernel oops'). - CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. - CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions. This advisory provides updated 2.2.20 kernel source, and binary kernel images for the i386 architecture. Other architectures and kernel versions will be covered by separate advisories.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15173
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15173
    title Debian DSA-336-1 : linux-kernel-2.2.20 - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-311.NASL
    description A number of vulnerabilities have been discovered in the Linux kernel. CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ('kernel oops'). CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions. This advisory covers only the i386 (Intel IA32) architectures. Other architectures will be covered by separate advisories.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15148
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15148
    title Debian DSA-311-1 : linux-kernel-2.4.18 - several vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-074.NASL
    description Multiple vulnerabilities were discovered and fixed in the Linux kernel. - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. - CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CVE-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. - CVE-2003-0462: A file read race existed in the execve() system call. Kernels for 9.1/x86 are also available (see MDKSA-2003:066). MandrakeSoft encourages all users to upgrade to these new kernels. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 14057
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14057
    title Mandrake Linux Security Advisory : kernel (MDKSA-2003:074)
oval via4
accepted 2016-02-19T10:00:00.000-04:00
class vulnerability
contributors
  • name Brian Soby
    organization The MITRE Corporation
  • name Matthew Wojcik
    organization The MITRE Corporation
description Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
family unix
id oval:org.mitre.oval:def:2665
status accepted
submitted 2004-12-30T12:00:00.000-04:00
title Data Leak in NIC
version 31
packetstorm via4
redhat via4
advisories
  • rhsa
    id RHSA-2003:025
  • rhsa
    id RHSA-2003:088
refmap via4
atstake A010603-1
bugtraq
  • 20030106 Etherleak: Ethernet frame padding information leakage (A010603-1)
  • 20030110 More information regarding Etherleak
  • 20030117 Re: More information regarding Etherleak
cert-vn VU#412115
confirm http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
misc http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
osvdb 9962
sectrack
  • 1031583
  • 1040185
secunia 7996
vulnwatch 20030110 More information regarding Etherleak
Last major update 06-12-2016 - 21:59
Published 17-01-2003 - 00:00
Last modified 30-04-2019 - 10:27