CVE-2003-0001

NameCVE-2003-0001
DescriptionMultiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-311, DSA-312, DSA-332, DSA-336, DSA-423, DSA-442
NVD severitymedium (attack range: remote)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kernel-image-2.2.20-i386sourcewoody2.2.20-5woody3mediumDSA-336
kernel-image-2.4.17-ia64sourcewoodykernel-image-2.4.17-ia64mediumDSA-423
kernel-image-2.4.17-s390sourcewoody2.4.17-2.woody.3mediumDSA-442
kernel-image-2.4.18-1-i386sourcewoody2.4.18-8mediumDSA-311
kernel-image-2.4.18-i386bfsourcewoody2.4.18-5woody1.mediumDSA-311
kernel-patch-2.4.17-mipssourcewoody2.4.17-0.020226.2.woody2mediumDSA-332
kernel-patch-2.4.17-s390sourcewoody0.0.20020816-0.woody.2mediumDSA-442
kernel-patch-2.4.18-powerpcsourcewoody2.4.18-1woody1mediumDSA-312
kernel-source-2.2.20sourcewoody2.2.20-5woody2mediumDSA-336
kernel-source-2.4.17sourcewoody2.4.17-1woody1mediumDSA-332
kernel-source-2.4.18sourcewoody2.4.18-9mediumDSA-311
kernel-source-2.4.27source(unstable)(not affected)

Notes

- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-pre5)

Search for package or bug name: Reporting problems