Vulnerability Description
Multiple Ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
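The missing padding described above, shown beside the corrected form, as an added example that is not code from any affected driver or from the referenced advisories. The transmit buffer, function names and frame contents are hypothetical; the 60-byte figure is the standard minimum Ethernet frame length without the 4-byte FCS.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_MIN_LEN 60    /* minimum frame length, excluding the 4-byte FCS */
#define ETH_MAX_LEN 1514  /* maximum untagged frame length, excluding the FCS */

/* Hypothetical stand-in for a driver's reused transmit buffer. */
static uint8_t tx_buf[ETH_MAX_LEN];

/* Flawed pattern: the length is raised to the minimum, but bytes len..59
 * keep whatever an earlier frame left in the buffer. */
size_t tx_prepare_unpadded(const uint8_t *frame, size_t len) {
    if (len > ETH_MAX_LEN) return 0;
    memcpy(tx_buf, frame, len);
    return len < ETH_MIN_LEN ? ETH_MIN_LEN : len;
}

/* Corrected pattern: the padding region is explicitly filled with null bytes. */
size_t tx_prepare_padded(const uint8_t *frame, size_t len) {
    if (len > ETH_MAX_LEN) return 0;
    memcpy(tx_buf, frame, len);
    if (len < ETH_MIN_LEN) {
        memset(tx_buf + len, 0, ETH_MIN_LEN - len);
        len = ETH_MIN_LEN;
    }
    return len;
}

/* Check: count non-zero bytes between the end of the data and the wire length. */
size_t nonzero_pad_bytes(const uint8_t *wire, size_t wire_len, size_t data_len) {
    size_t n = 0;
    for (size_t i = data_len; i < wire_len; i++)
        if (wire[i] != 0) n++;
    return n;
}

/* Constructed scenario: a 100-byte frame is sent, then a 42-byte frame. */
size_t stale_bytes_after(size_t (*prepare)(const uint8_t *, size_t)) {
    uint8_t earlier[100], small[42];
    memset(earlier, 0xAA, sizeof earlier);  /* constructed earlier traffic */
    memset(small, 0x11, sizeof small);      /* constructed short frame */
    prepare(earlier, sizeof earlier);
    size_t wire_len = prepare(small, sizeof small);
    return nonzero_pad_bytes(tx_buf, wire_len, sizeof small);
}

int main(void) {
    printf("unpadded: %zu stale bytes, padded: %zu stale bytes\n",
           stale_bytes_after(tx_prepare_unpadded), stale_bytes_after(tx_prepare_padded));
    return 0;
}
```

The same `nonzero_pad_bytes` check can be applied to captured short frames whose data length is known from the protocol header, to confirm that a driver update zeroes the padding.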
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FreeBSD | FreeBSD | 4.2 |
| Linux | Linux Kernel | 2.4.1 |
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2000 Terminal Services | All versions |
| NetBSD | NetBSD | 1.5 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
- http://marc.info/?l=bugtraq&m=104222046632243&w=2
- http://secunia.com/advisories/7996
- http://www.atstake.com/research/advisories/2003/a010603-1.txt (Vendor Advisory)
- http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
- http://www.kb.cert.org/vuls/id/412115 (Third Party Advisory, US Government Resource)
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.osvdb.org/9962
- http://www.redhat.com/support/errata/RHSA-2003-025.html
- http://www.redhat.com/support/errata/RHSA-2003-088.html
- http://www.securityfocus.com/archive/1/305335/30/26420/threaded
- http://www.securityfocus.com/archive/1/307564/30/26270/threaded
- http://www.securitytracker.com/id/1031583
- http://www.securitytracker.com/id/1040185
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2003-0001?
CVE-2003-0001 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple Ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using mal...
How severe is CVE-2003-0001?
CVE-2003-0001 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0001?
Check the references section above for vendor advisories and patch information. Affected products include: FreeBSD FreeBSD, Linux Linux Kernel, Microsoft Windows 2000, Microsoft Windows 2000 Terminal Services, NetBSD NetBSD.