Candidate: CVE-2003-0001
References:
ATSTAKE:A010603-1
URL:http://www.atstake.com/research/advisories/2003/a010603-1.txt
BUGTRAQ:20030110 More information regarding Etherleak
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2
VULNWATCH:20030110 More information regarding Etherleak
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
MISC:http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
CERT-VN:VU#412115
URL:http://www.kb.cert.org/vuls/id/412115
REDHAT:RHSA-2003:025
URL:http://www.redhat.com/support/errata/RHSA-2003-025.html
OVAL:OVAL2665
URL:http://oval.mitre.org/oval/definitions/data/oval2665.html
Description:
Multiple ethernet Network Interface Card (NIC) device drivers do not pad
frames with null bytes, which allows remote attackers to obtain information
from previous packets or kernel memory by using malformed packets, as
demonstrated by Etherleak.
Notes:
dannf> A number of drivers had to be fixed, but when looking to see where this
dannf> patch had been applied, I just tracked the de600.c file changes. My
dannf> assumption is that all of the other drivers got fixed at the same time.
.
dannf> I've e-mailed the security team + mdz, asking for a patch
Bugs:
upstream: released (2.4.21-pre4)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: needed
2.4.18-woody-security: released (2.4.18-7)
2.4.17-woody-security: released (2.4.17-1woody1)
2.4.16-woody-security: needed
2.4.17-woody-security-hppa: needed
2.4.17-woody-security-ia64: needed
2.4.18-woody-security-hppa: