CVE-2003-0001 Information

Description

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets as demonstrated by Etherleak.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html http://marc.info/?l=bugtraq&m=104222046632243&w=2 http://secunia.com/advisories/7996 http://www.atstake.com/research/advisories/2003/a010603-1.txt http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf http://www.kb.cert.org/vuls/id/412115 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.osvdb.org/9962 http://www.redhat.com/support/errata/RHSA-2003-025.html http://www.redhat.com/support/errata/RHSA-2003-088.html http://www.securityfocus.com/archive/1/305335/30/26420/threaded http://www.securityfocus.com/archive/1/307564/30/26270/threaded http://www.securitytracker.com/id/1031583 http://www.securitytracker.com/id/1040185 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A2665