Vulnerability Details CVE-2003-0001
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
- http://marc.info/?l=bugtraq&m=104222046632243&w=2
- http://secunia.com/advisories/7996
- http://www.atstake.com/research/advisories/2003/a010603-1.txt
- http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
- http://www.kb.cert.org/vuls/id/412115
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.osvdb.org/9962
- http://www.redhat.com/support/errata/RHSA-2003-025.html
- http://www.redhat.com/support/errata/RHSA-2003-088.html
- http://www.securityfocus.com/archive/1/305335/30/26420/threaded
- http://www.securityfocus.com/archive/1/307564/30/26270/threaded
- http://www.securitytracker.com/id/1031583
- http://www.securitytracker.com/id/1040185
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
- http://marc.info/?l=bugtraq&m=104222046632243&w=2
- http://secunia.com/advisories/7996
- http://www.atstake.com/research/advisories/2003/a010603-1.txt
- http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
- http://www.kb.cert.org/vuls/id/412115
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.osvdb.org/9962
- http://www.redhat.com/support/errata/RHSA-2003-025.html
- http://www.redhat.com/support/errata/RHSA-2003-088.html
- http://www.securityfocus.com/archive/1/305335/30/26420/threaded
- http://www.securityfocus.com/archive/1/307564/30/26270/threaded
- http://www.securitytracker.com/id/1031583
- http://www.securitytracker.com/id/1040185
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665
Products affected by CVE-2003-0001
-
cpe:2.3:o:freebsd:freebsd:4.2
-
cpe:2.3:o:freebsd:freebsd:4.3
-
cpe:2.3:o:freebsd:freebsd:4.4
-
cpe:2.3:o:freebsd:freebsd:4.5
-
cpe:2.3:o:freebsd:freebsd:4.6
-
cpe:2.3:o:freebsd:freebsd:4.7
-
cpe:2.3:o:linux:linux_kernel:2.4.1
-
cpe:2.3:o:linux:linux_kernel:2.4.10
-
cpe:2.3:o:linux:linux_kernel:2.4.11
-
cpe:2.3:o:linux:linux_kernel:2.4.12
-
cpe:2.3:o:linux:linux_kernel:2.4.13
-
cpe:2.3:o:linux:linux_kernel:2.4.14
-
cpe:2.3:o:linux:linux_kernel:2.4.15
-
cpe:2.3:o:linux:linux_kernel:2.4.16
-
cpe:2.3:o:linux:linux_kernel:2.4.17
-
cpe:2.3:o:linux:linux_kernel:2.4.18
-
cpe:2.3:o:linux:linux_kernel:2.4.19
-
cpe:2.3:o:linux:linux_kernel:2.4.2
-
cpe:2.3:o:linux:linux_kernel:2.4.20
-
cpe:2.3:o:linux:linux_kernel:2.4.3
-
cpe:2.3:o:linux:linux_kernel:2.4.4
-
cpe:2.3:o:linux:linux_kernel:2.4.5
-
cpe:2.3:o:linux:linux_kernel:2.4.6
-
cpe:2.3:o:linux:linux_kernel:2.4.7
-
cpe:2.3:o:linux:linux_kernel:2.4.8
-
cpe:2.3:o:linux:linux_kernel:2.4.9
-
cpe:2.3:o:microsoft:windows_2000:-
-
cpe:2.3:o:microsoft:windows_2000:beta3
-
cpe:2.3:o:microsoft:windows_2000_terminal_services:-
-
cpe:2.3:o:netbsd:netbsd:1.5
-
cpe:2.3:o:netbsd:netbsd:1.5.1
-
cpe:2.3:o:netbsd:netbsd:1.5.2
-
cpe:2.3:o:netbsd:netbsd:1.5.3
-
cpe:2.3:o:netbsd:netbsd:1.6