CVE-2003-0001

Name	CVE-2003-0001
Description	Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References	DSA-311, DSA-312, DSA-332, DSA-336, DSA-423, DSA-442
NVD severity	medium (attack range: remote)

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin
kernel-image-2.2.20-i386	source	woody	2.2.20-5woody3	medium	DSA-336
kernel-image-2.4.17-ia64	source	woody	kernel-image-2.4.17-ia64	medium	DSA-423
kernel-image-2.4.17-s390	source	woody	2.4.17-2.woody.3	medium	DSA-442
kernel-image-2.4.18-1-i386	source	woody	2.4.18-8	medium	DSA-311
kernel-image-2.4.18-i386bf	source	woody	2.4.18-5woody1.	medium	DSA-311
kernel-patch-2.4.17-mips	source	woody	2.4.17-0.020226.2.woody2	medium	DSA-332
kernel-patch-2.4.17-s390	source	woody	0.0.20020816-0.woody.2	medium	DSA-442
kernel-patch-2.4.18-powerpc	source	woody	2.4.18-1woody1	medium	DSA-312
kernel-source-2.2.20	source	woody	2.2.20-5woody2	medium	DSA-336
kernel-source-2.4.17	source	woody	2.4.17-1woody1	medium	DSA-332
kernel-source-2.4.18	source	woody	2.4.18-9	medium	DSA-311
kernel-source-2.4.27	source	(unstable)	(not affected)

Notes

- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-pre5)