Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2003-0001 | First vendor Publication | 2003-01-17 |
Vendor | Cve | Last vendor Modification | 2019-04-30 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0001 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:2665 | |||
Oval ID: | oval:org.mitre.oval:def:2665 | ||
Title: | Data Leak in NIC | ||
Description: | Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0001 | Version: | 1 |
Platform(s): | Sun Solaris 7 | Product(s): | Sun Am7990 Ethernet Driver |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28706 | |||
Oval ID: | oval:org.mitre.oval:def:28706 | ||
Title: | Critical Patch Update January 2015 | ||
Description: | Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0001 | Version: | 3 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2013-06-10 | Cisco ASA < 8.4.4.6|8.2.5.32 Ethernet Information Leak |
2007-03-23 | Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Paddin... |
2007-03-23 | Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak) |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 311-1 (kernel) File : nvt/deb_311_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 312-1 (kernel-patch-2.4.18-powerpc) File : nvt/deb_312_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 332-1 (kernel-source-2.4.17, kernel-patch-2.4.17... File : nvt/deb_332_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 336-1 (kernel-source-2.2.20, kernel-image-2.2.20... File : nvt/deb_336_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 423-1 (kernel-image-2.4.17-ia64) File : nvt/deb_423_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 442-1 (kernel-patch-2.4.17-s390, kernel-image-2.... File : nvt/deb_442_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
3873 | Multiple Ethernet Driver Frame Padding Information Disclosure Multiple Ethernet Network Interface Card (NIC) Device Drivers contain flaws that may result in an information leakage vulnerability. The issue is triggered when Ethernet device drivers reuse old frame buffer data to pad packets. It is possible that the flaw may allow that may allow remote attackers to harvest sensitive information from affected devices resulting in a loss of confidentiality. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-01-20 | Name : The remote device is affected by a memory disclosure vulnerability. File : juniper_jsa10773.nasl - Type : ACT_GATHER_INFO |
2015-01-23 | Name : The remote Solaris system is missing a security patch from CPU jan2015. File : solaris_jan2015_SRU11_1_11_4_0.nasl - Type : ACT_GATHER_INFO |
2013-09-15 | Name : The remote host is missing Sun Security Patch number 125907-02 File : solaris10_x86_125907.nasl - Type : ACT_GATHER_INFO |
2013-07-16 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10579.nasl - Type : ACT_GATHER_INFO |
2005-03-18 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_29267.nasl - Type : ACT_GATHER_INFO |
2005-03-18 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_28636.nasl - Type : ACT_GATHER_INFO |
2005-02-16 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_29244.nasl - Type : ACT_GATHER_INFO |
2005-02-16 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_28143.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-311.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-442.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-423.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-336.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-332.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-312.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-039.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-066.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-074.nasl - Type : ACT_GATHER_INFO |
2003-01-14 | Name : The remote host appears to leak memory in network packets. File : etherleak.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:02:13 |
|
2024-02-01 12:01:25 |
|
2023-09-05 12:02:07 |
|
2023-09-05 01:01:17 |
|
2023-09-02 12:02:08 |
|
2023-09-02 01:01:17 |
|
2023-08-12 12:02:35 |
|
2023-08-12 01:01:17 |
|
2023-08-11 12:02:12 |
|
2023-08-11 01:01:18 |
|
2023-08-06 12:02:02 |
|
2023-08-06 01:01:18 |
|
2023-08-04 12:02:06 |
|
2023-08-04 01:01:18 |
|
2023-07-14 12:02:05 |
|
2023-07-14 01:01:18 |
|
2023-03-29 01:02:03 |
|
2023-03-28 12:01:23 |
|
2022-10-11 12:01:51 |
|
2022-10-11 01:01:10 |
|
2021-05-04 12:01:56 |
|
2021-04-22 01:02:06 |
|
2020-05-23 00:15:19 |
|
2019-04-30 21:19:17 |
|
2019-03-19 12:01:35 |
|
2018-10-19 21:19:34 |
|
2018-01-17 09:21:37 |
|
2017-10-11 09:23:16 |
|
2017-01-21 13:22:46 |
|
2016-12-07 09:24:09 |
|
2016-10-18 12:01:08 |
|
2016-08-31 12:00:45 |
|
2016-06-28 15:01:33 |
|
2016-06-17 09:26:28 |
|
2016-06-13 21:26:30 |
|
2016-04-26 12:29:23 |
|
2015-11-24 21:26:42 |
|
2015-04-22 00:25:22 |
|
2015-04-21 09:24:03 |
|
2015-04-15 09:27:01 |
|
2015-01-24 13:23:34 |
|
2015-01-22 17:22:12 |
|
2015-01-22 13:24:56 |
|
2014-02-17 10:25:41 |
|
2013-05-11 11:49:57 |
|