CVE-2003-0001: Infoleak
First published: Wed Jan 08 2003(Updated: )
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | =2.4.15 | |
| NetBSD current | =1.5.3 | |
| Microsoft Windows Terminal Services | =sp1 | |
| NetBSD current | =1.6 | |
| Linux Kernel | =2.4.11 | |
| NetBSD current | =1.5 | |
| Linux Kernel | =2.4.12 | |
| Linux Kernel | =2.4.13 | |
| Microsoft Windows 2000 | ||
| FreeBSD Kernel | =4.7 | |
| Linux Kernel | =2.4.16 | |
| Linux Kernel | =2.4.5 | |
| Microsoft Windows 2000 | =sp1 | |
| FreeBSD Kernel | =4.2 | |
| Linux Kernel | =2.4.19 | |
| Linux Kernel | =2.4.2 | |
| Linux Kernel | =2.4.9 | |
| Microsoft Windows 2000 | =sp2 | |
| NetBSD current | =1.5.1 | |
| Linux Kernel | =2.4.10 | |
| Linux Kernel | =2.4.17 | |
| Linux Kernel | =2.4.7 | |
| Linux Kernel | =2.4.8 | |
| FreeBSD Kernel | =4.4 | |
| FreeBSD Kernel | =4.5 | |
| Linux Kernel | =2.4.14 | |
| NetBSD current | =1.5.2 | |
| Linux Kernel | =2.4.1 | |
| FreeBSD Kernel | =4.6 | |
| Linux Kernel | =2.4.4 | |
| Linux Kernel | =2.4.6 | |
| Microsoft Windows Terminal Services | ||
| FreeBSD Kernel | =4.3 | |
| Linux Kernel | =2.4.18 | |
| Microsoft Windows Terminal Services | =sp2 | |
| Linux Kernel | =2.4.20 | |
| Linux Kernel | =2.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.atstake.com/research/advisories/2003/a010603-1.txt
- http://www.kb.cert.org/vuls/id/412115
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
- http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
- http://www.redhat.com/support/errata/RHSA-2003-025.html
- http://www.redhat.com/support/errata/RHSA-2003-088.html
- http://www.osvdb.org/9962
- http://secunia.com/advisories/7996
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://marc.info/?l=bugtraq&m=104222046632243&w=2
- http://www.securitytracker.com/id/1031583
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665
- http://www.securitytracker.com/id/1040185
- http://www.securityfocus.com/archive/1/307564/30/26270/threaded
- http://www.securityfocus.com/archive/1/305335/30/26420/threaded
Frequently Asked Questions
What is the severity of CVE-2003-0001?
CVE-2003-0001 is considered a high severity vulnerability due to its potential to expose sensitive information from network traffic.
How do I fix CVE-2003-0001?
To fix CVE-2003-0001, update the affected software to a patched version that handles frame padding correctly.
What systems are affected by CVE-2003-0001?
CVE-2003-0001 affects various versions of the Linux kernel, NetBSD, Microsoft Windows 2000, and FreeBSD among others.
What does CVE-2003-0001 exploit?
CVE-2003-0001 exploits the lack of padding in ethernet frames by allowing attackers to send malformed packets.
Can CVE-2003-0001 lead to data breaches?
Yes, CVE-2003-0001 can potentially lead to data breaches as it allows remote attackers to access previous packets or kernel memory.
- agent/type
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.4.15
- vendor/netbsd
- canonical/netbsd current
- version/netbsd current/1.5.3
- vendor/microsoft
- canonical/microsoft windows terminal services
- version/microsoft windows terminal services/sp1
- version/netbsd current/1.6
- version/linux kernel/2.4.11
- version/netbsd current/1.5
- version/linux kernel/2.4.12
- version/linux kernel/2.4.13
- canonical/microsoft windows 2000
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/4.7
- version/linux kernel/2.4.16
- version/linux kernel/2.4.5
- version/microsoft windows 2000/sp1
- version/freebsd kernel/4.2
- version/linux kernel/2.4.19
- version/linux kernel/2.4.2
- version/linux kernel/2.4.9
- version/microsoft windows 2000/sp2
- version/netbsd current/1.5.1
- version/linux kernel/2.4.10
- version/linux kernel/2.4.17
- version/linux kernel/2.4.7
- version/linux kernel/2.4.8
- version/freebsd kernel/4.4
- version/freebsd kernel/4.5
- version/linux kernel/2.4.14
- version/netbsd current/1.5.2
- version/linux kernel/2.4.1
- version/freebsd kernel/4.6
- version/linux kernel/2.4.4
- version/linux kernel/2.4.6
- version/freebsd kernel/4.3
- version/linux kernel/2.4.18
- version/microsoft windows terminal services/sp2
- version/linux kernel/2.4.20
- version/linux kernel/2.4.3