Ethernet frame padding information leakage updated since 08.01.2003
Published:		13.10.2005
Source:		VULNWATCH
SecurityVulns ID:		2523
Type:		m-i-t-m
Level:		5/10
Description:		Incorrect memory managment causes ethernet fame padding bytes may contain sensitive information.

Affected:		LINUX : kernel 2.4
		LINUX : kernel 2.6
CVE:		CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.)

Original document		Meder Kydyraliev, Linux Orinoco drivers information leakage (13.10.2005)
		SGI, [Full-Disclosure] IRIX Update Some Network Drivers May Leak Data (03.04.2004)
		NGSSoftware Insight Security Research, Etherleak information leak in Windows Server 2003 drivers (09.06.2003)
		REDHAT, [RHSA-2003:025-20] Updated 2.4 kernel fixes various vulnerabilities (05.02.2003)
		Ofir Arkin, More information regarding Etherleak (11.01.2003)
		L0PHT, Etherleak: Ethernet frame padding information leakage (A010603-1) (08.01.2003)

Files:		etherleak, code that has been 5 years coming.
Discuss:		Read or add your comments to this news (0 comments)