CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
90.4%
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
Vendor | Product | Version | CPE |
---|---|---|---|
freebsd | freebsd | 4.2 | cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:* |
freebsd | freebsd | 4.3 | cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:* |
freebsd | freebsd | 4.4 | cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:* |
freebsd | freebsd | 4.5 | cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:* |
freebsd | freebsd | 4.6 | cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:* |
freebsd | freebsd | 4.7 | cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:* |
linux | linux_kernel | 2.4.1 | cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:* |
linux | linux_kernel | 2.4.2 | cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:* |
linux | linux_kernel | 2.4.3 | cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:* |
linux | linux_kernel | 2.4.4 | cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:* |
archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
marc.info/?l=bugtraq&m=104222046632243&w=2
secunia.com/advisories/7996
www.atstake.com/research/advisories/2003/a010603-1.txt
www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
www.kb.cert.org/vuls/id/412115
www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
www.osvdb.org/9962
www.redhat.com/support/errata/RHSA-2003-025.html
www.redhat.com/support/errata/RHSA-2003-088.html
www.securityfocus.com/archive/1/305335/30/26420/threaded
www.securityfocus.com/archive/1/307564/30/26270/threaded
www.securitytracker.com/id/1031583
www.securitytracker.com/id/1040185
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665