CVE-2003-0001

Sažetak

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
http://marc.info/?l=bugtraq&m=104222046632243&w=2
http://secunia.com/advisories/7996
http://www.atstake.com/research/advisories/2003/a010603-1.txt
http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
http://www.kb.cert.org/vuls/id/412115
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.osvdb.org/9962
http://www.redhat.com/support/errata/RHSA-2003-025.html
http://www.redhat.com/support/errata/RHSA-2003-088.html
http://www.securityfocus.com/archive/1/305335/30/26420/threaded
http://www.securityfocus.com/archive/1/307564/30/26270/threaded
http://www.securitytracker.com/id/1031583
http://www.securitytracker.com/id/1040185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

30-04-2019 - 14:27

Objavljeno

17-01-2003 - 05:00