Information Leakage Vulnerability in Network Interface Card Drivers by Multiple Vendors
CVE-2003-0001

Currently unrated

Key Information:

Vendor: Linux
Status: Linux Kernel; Netbsd; Windows 2000 Terminal Services; Windows 2000
Vendor: CVE Published:; 17 January 2003

Summary

Multiple ethernet Network Interface Card (NIC) device drivers exhibit a vulnerability where they fail to properly pad frames with null bytes. This shortcoming can be exploited by remote attackers using malformed packets. By doing so, attackers may gain unauthorized access to sensitive information housed in previous packets or kernel memory, leading to potential data breaches and security risks. This vulnerability has been notably illustrated through the Etherleak demonstration.

References

http://www.securityfocus.com/archive/1/307564/30/26270/th...

mailing-listx_refsource_BUGTRAQ

http://www.securitytracker.com/id/1031583

vdb-entryx_refsource_SECTRACK

http://www.osvdb.org/9962

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jan 17, 2003
Vulnerability Reserved
Jan 2, 2003