CVE-2003-0001

NameCVE-2003-0001
DescriptionMultiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-311, DSA-312, DSA-332, DSA-336, DSA-423, DSA-442
NVD severitymedium (attack range: remote)
Debian/oldstablenot known to be vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kernel-image-2.2.20-i386sourcewoody2.2.20-5woody3mediumDSA-336
kernel-image-2.4.17-ia64sourcewoodykernel-image-2.4.17-ia64mediumDSA-423
kernel-image-2.4.17-s390sourcewoody2.4.17-2.woody.3mediumDSA-442
kernel-image-2.4.18-1-i386sourcewoody2.4.18-8mediumDSA-311
kernel-image-2.4.18-i386bfsourcewoody2.4.18-5woody1.mediumDSA-311
kernel-patch-2.4.17-mipssourcewoody2.4.17-0.020226.2.woody2mediumDSA-332
kernel-patch-2.4.17-s390sourcewoody0.0.20020816-0.woody.2mediumDSA-442
kernel-patch-2.4.18-powerpcsourcewoody2.4.18-1woody1mediumDSA-312
kernel-source-2.2.20sourcewoody2.2.20-5woody2mediumDSA-336
kernel-source-2.4.17sourcewoody2.4.17-1woody1mediumDSA-332
kernel-source-2.4.18sourcewoody2.4.18-9mediumDSA-311
kernel-source-2.4.27source(unstable)(not affected)

Notes

- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-pre5)

Search for package or bug name: Reporting problems