CVE
- Id
- 6830
- CVE No.
- CVE-2003-0001
- Status
- Candidate
- Description
- Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
- Phase
- Modified (20161205)
- Votes
- ACCEPT(3) Baker, Cole, Wall | MODIFY(2) Cox, Frech | NOOP(1) Christey
- Comments
- Christey> ENGARDE:ESA-20030318-009 | URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html | CHANGE> [Cox changed vote from ACCEPT to MODIFY] | Cox> Addref: RHSA-2003:088 | Christey> MANDRAKE:MDKSA-2003:039 | URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:039 | Frech> XF:ethernet-driver-information-leak(10996) | Christey> SGI:20030601-01-A | Christey> DEBIAN:DSA-311 | URL:http://www.debian.org/security/2003/dsa-311 | Christey> MANDRAKE:MDKSA-2003:066 | Christey> DEBIAN:DSA-332 | URL:http://www.debian.org/security/2003/dsa-332 | DEBIAN:DSA-336 | URL:http://www.debian.org/security/2003/dsa-336 | Christey> HP:HPSBUX0305-261 | URL:http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0708.1 | DEBIAN:DSA-312 | URL:http://www.debian.org/security/2003/dsa-312 | BID:6535 | URL:http://www.securityfocus.com/bid/6535 | Christey> MANDRAKE:MDKSA-2003:074 | URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:074 | Christey> DEBIAN:DSA-423 | URL:http://www.debian.org/security/2004/dsa-423 | Christey> BUGTRAQ:20040207 [Fwd: zyxel prestige ethernet information leakage] | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107618991322594&w=2 | Christey> DEBIAN:DSA-442 | URL:http://www.debian.org/security/2004/dsa-442 | Christey> SGI:20030601-01-I | URL:ftp://patches.sgi.com/support/free/security/advisories/20030601-01-A | Cox> Change description to say "in Linux 2.4 prior to 2.4.21" as | this was fixed in Linux 2.4.21 by changesets committed by Alan Cox on | 5th Feb 2003.
