CVE-2003-0001

Published: 17/01/2003 Updated: 30/04/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 516
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote malicious users to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

Vulnerable Product

linux linux kernel 2.4.1

freebsd freebsd 4.6

freebsd freebsd 4.7

linux linux kernel 2.4.15

linux linux kernel 2.4.16

linux linux kernel 2.4.4

linux linux kernel 2.4.5

linux linux kernel 2.4.6

microsoft windows 2000

microsoft windows 2000 terminal services

netbsd netbsd 1.6

freebsd freebsd 4.2

freebsd freebsd 4.3

linux linux kernel 2.4.11

linux linux kernel 2.4.12

linux linux kernel 2.4.19

linux linux kernel 2.4.2

linux linux kernel 2.4.9

netbsd netbsd 1.5

netbsd netbsd 1.5.1

linux linux kernel 2.4.10

linux linux kernel 2.4.17

linux linux kernel 2.4.18

linux linux kernel 2.4.7

linux linux kernel 2.4.8

freebsd freebsd 4.4

freebsd freebsd 4.5

linux linux kernel 2.4.13

linux linux kernel 2.4.14

linux linux kernel 2.4.20

linux linux kernel 2.4.3

netbsd netbsd 1.5.2

netbsd netbsd 1.5.3

Vendor Advisories

The IA-64 maintainers fixed several security related bugs in the Linux kernel 2.4.17 used for the IA-64 architecture, mostly by backporting fixes from 2.4.18. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project: CAN-2003-0001: Multiple ethernet network interface card (NIC) device ...
A number of vulnerabilities have been discovered in the Linux kernel. CAN-2002-1380: Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface. CVE-2002-0429: The iBCS routines in arch/i386/kernel/t ...
A number of vulnerabilities have been discovered in the Linux kernel. CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device ...
Several security related problems have been fixed in the Linux kernel 2.4.17 used for the S/390 architecture, mostly by backporting fixes from 2.4.18 and incorporating recent security fixes. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project: CVE-2002-0429: The iBCS routines in a ...

Exploits

#!/usr/bin/env python
# CVE-2003-0001 'Etherleak' exploit
# =================================
# Exploit for hosts which use a network device driver that pads
# ethernet frames with data which vary from one packet to another,
# likely taken from kernel memory, system memory allocated to
# the device driver, or a hardware buffer on its network int ...

source: www.securityfocus.com/bid/6535/info. Network device drivers for several vendors have been reported to disclose potentially sensitive information to attackers. Frames that are smaller than the minimum frame size should have the unused portion of the frame buffer padded with null (or other) bytes. Some device drivers fail to do this a ...

#!/usr/bin/perl -w
# etherleak, code that has been 5 years coming
#
# On 04/27/2002, I disclosed on the Linux Kernel Mailing list,
# a vulnerability that would become known as the 'etherleak' bug. In
# various situations an ethernet frame must be padded to reach a specific
# size or fall on a certain boundary. This task is left up to the driver ...

Ethernet device drivers frame padding information leakage exploit ...

This is the Cisco ASA ethernet information leak exploit that leverages the vulnerability noted in CVE-2003-0001. Versions prior to 8.4.4.6 and 8.2.5.32 are affected ...

Github Repositories

tam-content: CVE-2003-0001 is a debug "CVE" that reports TRUE if the endpoint contains notepad.exe at the system root. This is used for debugging purposes ONLY.

etherleak-python3-poc:

    import os
    import sys
    import signal
    import binascii
    from scapy.all import *

    def signalhandler(signal, id):
        print("!Killing")
        sys.exit(0)

    def spawn(host, attack_type):
        if attack_type == 'arp':
            send(ARP(pdst=host), loop=1, nofilter=1)
        elif attack_type == 'icmp':
            send(IP(dst=host)/ICMP(type=8)/ ...