FKIE_CVE-2003-0001

Vulnerability from fkie_nvd - Published: 2003-01-17 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=104222046632243&w=2
cve@mitre.orghttp://secunia.com/advisories/7996
cve@mitre.orghttp://www.atstake.com/research/advisories/2003/a010603-1.txtVendor Advisory
cve@mitre.orghttp://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
cve@mitre.orghttp://www.kb.cert.org/vuls/id/412115Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
cve@mitre.orghttp://www.osvdb.org/9962
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-025.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-088.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/305335/30/26420/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/307564/30/26270/threaded
cve@mitre.orghttp://www.securitytracker.com/id/1031583
cve@mitre.orghttp://www.securitytracker.com/id/1040185
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=104222046632243&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/7996
af854a3a-2127-422b-91ae-364da2661108http://www.atstake.com/research/advisories/2003/a010603-1.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/412115Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/9962
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-025.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-088.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/305335/30/26420/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/307564/30/26270/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1031583
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040185
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665
Impacted products
Vendor Product Version
freebsd freebsd 4.2
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.5
freebsd freebsd 4.6
freebsd freebsd 4.7
linux linux_kernel 2.4.1
linux linux_kernel 2.4.2
linux linux_kernel 2.4.3
linux linux_kernel 2.4.4
linux linux_kernel 2.4.5
linux linux_kernel 2.4.6
linux linux_kernel 2.4.7
linux linux_kernel 2.4.8
linux linux_kernel 2.4.9
linux linux_kernel 2.4.10
linux linux_kernel 2.4.11
linux linux_kernel 2.4.12
linux linux_kernel 2.4.13
linux linux_kernel 2.4.14
linux linux_kernel 2.4.15
linux linux_kernel 2.4.16
linux linux_kernel 2.4.17
linux linux_kernel 2.4.18
linux linux_kernel 2.4.19
linux linux_kernel 2.4.20
microsoft windows_2000 *
microsoft windows_2000 *
microsoft windows_2000 *
microsoft windows_2000_terminal_services *
microsoft windows_2000_terminal_services *
microsoft windows_2000_terminal_services *
netbsd netbsd 1.5
netbsd netbsd 1.5.1
netbsd netbsd 1.5.2
netbsd netbsd 1.5.3
netbsd netbsd 1.6
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF49BF03-C25E-4737-84D5-892895C86C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2019E0E-426B-43AF-8904-1B811AE171E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55C5FC1A-1253-4390-A4FC-573BB14EA937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "44308D13-D935-4FF8-AB52-F0E115ED1AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C001822-FDF8-497C-AC2C-B59A00E9ACD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B86C77AB-B8FF-4376-9B4E-C88417396F3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B85D5B-4EA1-4FCF-8D50-9C54E8FDA92F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01408EC0-9C2D-4A44-8080-D7FC7E1A1FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F49A384-7222-41F3-9BE1-4E18C00E50A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "05520FE3-C48D-42E8-BC24-C2396BD46CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D865FBB6-E07D-492F-A75E-168B06C8ADEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "598F24C2-0366-4799-865C-5EE4572B734B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0399660-6385-45AB-9785-E504D8788146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCBC50EA-130C-41B7-83EA-C523B3C3AAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91F6CBE-400F-4D0B-B893-34577B47A342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1548ECFD-FCB5-4AE0-9788-42F61F25489F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ABB9787-5497-4BDC-8952-F99CF60A89BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "615F6BA2-CD51-4159-B28A-A018CA9FC25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "093848CB-68A1-4258-8357-373A477FE4E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E275F440-A427-465F-B314-BF0730C781DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "98651D39-60CF-409F-8276-DBBB56B972AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "067B8E09-C923-4DDA-92DB-4A2892CB526A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EBE3738-E530-4EC6-9FC6-1A063605BE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "474384F1-FB2D-4C00-A4CD-0C2C5AE42DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "F677E992-8D37-438F-97DF-9D98B28F020C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "476687F9-722B-490C-BD0B-B5F2CD7891DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D34EFE5-22B7-4E8D-B5B2-2423C37CFFA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "8208AFC9-0EFC-4A90-AD5A-FD94F5542885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D4168AE-D19E-482E-8F2B-3E798B2D84E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10D9BF9-FCC7-4680-AD3A-95757FC005EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E8C3A4-9FA7-4F2A-8C65-D4404715E674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC78BA4-70F4-4B9F-93C2-B107E4DCC418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "28A10F5A-067E-4DD8-B585-ABCD6F6B324E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples controladores de dispositivo (device drivers) de Tarjetas de Interfaz de Red (Network Interface Card - NIC) Ethernet no rellenan las tramas con bytes nulos, lo que permite a atacantes remotos obtener informaci\u00f3n de paquetes anteriores o memoria del kernel usando paquetes malformados, como ha sido demostrado por Etherleak."
    }
  ],
  "id": "CVE-2003-0001",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-01-17T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104222046632243\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/7996"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.atstake.com/research/advisories/2003/a010603-1.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/412115"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/9962"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-025.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-088.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/305335/30/26420/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/307564/30/26270/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1031583"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1040185"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104222046632243\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/7996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.atstake.com/research/advisories/2003/a010603-1.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/412115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/9962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-088.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/305335/30/26420/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/307564/30/26270/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1040185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.