CVE-2003-0001

Scores

EPSS

0.016very_low1.6%
0%20%40%60%80%100%

Percentile: 1.6%

CVSS

5.3medium3.x
0246810

CVSS Score: 5.3/10

All CVSS Scores

CVSS 3.x
5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0
5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Description

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvd

CWEs

CWE-200

Exploits

Exploit ID: 22131

Source: exploitdb

URL: https://www.exploit-db.com/exploits/22131

Exploit ID: 26076

Source: exploitdb

URL: https://www.exploit-db.com/exploits/26076

Exploit ID: 3555

Source: exploitdb

URL: https://www.exploit-db.com/exploits/3555

Recommendations

Source: nvd

Apply a patch from your vendorFor vendor-specific information regarding vulnerability status and patch availability, please consult the Systems Affected section of this document Use encryption to protect sensitive dataBy using encryption to protect network traffic, vulnerable sites can greatly reduce the impact of this vulnerability. Affected device drivers will still leak information, but fragments of encrypted information will be useless to attackers. Note that this workaround will not protect sensitive information leaked from non-network sources such as kernel memory.

URL: http://www.kb.cert.org/vuls/id/412115

Vulnerable Software (6)

Type: Configuration

Product: kernel-source-2.4.27

Operating System: debian

Trait:
{  "unaffected": true}

Source: debian

Type: Configuration

Vendor: freebsd

Product: freebsd

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",      "...

Source: nvd

Type: Configuration

Vendor: linux

Product: linux_kernel

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",      "...

Source: nvd

Type: Configuration

Vendor: microsoft

Product: windows_2000

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",      "...

Source: nvd

Type: Configuration

Vendor: microsoft

Product: windows_2000_terminal_services

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",      "...

Source: nvd

Type: Configuration

Vendor: netbsd

Product: netbsd

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",      "...

Source: nvd