summaryrefslogtreecommitdiffstats
path: root/retired/CVE-2003-0001
blob: 7cd7abbd1918bfc4d2c06fec2cf130ff4f1f590f (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
Candidate: CVE-2003-0001
References: 
 ATSTAKE:A010603-1
 URL:http://www.atstake.com/research/advisories/2003/a010603-1.txt
 BUGTRAQ:20030110 More information regarding Etherleak
 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2
 VULNWATCH:20030110 More information regarding Etherleak
 URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
 MISC:http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
 CERT-VN:VU#412115
 URL:http://www.kb.cert.org/vuls/id/412115
 REDHAT:RHSA-2003:025
 URL:http://www.redhat.com/support/errata/RHSA-2003-025.html
 OVAL:OVAL2665
 URL:http://oval.mitre.org/oval/definitions/data/oval2665.html
Description: 
 Multiple ethernet Network Interface Card (NIC) device drivers do not pad
 frames with null bytes, which allows remote attackers to obtain information
 from previous packets or kernel memory by using malformed packets, as
 demonstrated by Etherleak.
Notes: 
 dannf> A number of drivers had to be fixed, but when looking to see where this
 dannf> patch had been applied, I just tracked the de600.c file changes.  My
 dannf> assumption is that all of the other drivers got fixed at the same time.
 .
 dannf> I've e-mailed the security team + mdz, asking for a patch
Bugs: 
upstream: released (2.4.21-pre4)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: needed
2.4.18-woody-security: released (2.4.18-7)
2.4.17-woody-security: released (2.4.17-1woody1)
2.4.16-woody-security: needed
2.4.17-woody-security-hppa: needed
2.4.17-woody-security-ia64: needed
2.4.18-woody-security-hppa: 

© 2014-2024 Faster IT GmbH | imprint | privacy policy