search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Network device drivers reuse old frame buffer data to pad packets

Vulnerability Note VU#412115

Original Release Date: 2003-01-06 | Last Revised: 2013-09-03

Overview

Many network device drivers reuse old frame buffer data to pad packets, resulting in an information leakage vulnerability that may allow remote attackers to harvest sensitive information from affected devices.

Description

The Ethernet standard (IEEE 802.3) specifies a minimum data field size of 46 bytes. If a higher layer protocol such as IP provides packet data that is smaller than 46 bytes, the device driver must fill the remainder of the data field with a "pad". For IP datagrams, RFC1042 specifies that "the data field should be padded (with octets of zero) to meet the IEEE 802 minimum frame size requirements."

Researchers from @Stake have discovered that, contrary to the recommendations of RFC1042, many Ethernet device drivers fail to pad frames with null bytes. Instead, these device drivers reuse previously transmitted frame data to pad frames smaller than 46 bytes. This constitutes an information leakage vulnerability that may allow remote attackers to harvest potentially sensitive information. Depending upon the implementation of an affected device driver, the leaked information may originate from dynamic kernel memory, from static system memory allocated to the device driver, or from a hardware buffer located on the network interface card.

For detailed information on this research, please read @Stake's "EtherLeak: Ethernet frame padding information leakage", available at

http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf

This vulnerability may also affect link layer networking protocols other than Ethernet.

Impact

This vulnerability allows remote attackers to harvest potentially sensitive information from network traffic. In some network environments, this vulnerability can also be used to circumvent technologies that divide networks into separate domains, such as VLANs and routers.

Solution

Apply a patch from your vendor

For vendor-specific information regarding vulnerability status and patch availability, please consult the Systems Affected section of this document

Use encryption to protect sensitive data


By using encryption to protect network traffic, vulnerable sites can greatly reduce the impact of this vulnerability. Affected device drivers will still leak information, but fragments of encrypted information will be useless to attackers. Note that this workaround will not protect sensitive information leaked from non-network sources such as kernel memory.

Vendor Information

412115
Expand all

Debian Linux

Notified:  June 26, 2002 Updated:  July 25, 2003

Statement Date:   June 09, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Debian has published several security advisories to address this vulnerability, each for a different version of Debian GNU/Linux. For further information, please see:

Debian Security Advisory DSA 311: linux-kernel-2.4.18 - several vulnerabilities


Debian Security Advisory DSA 312: kernel-patch-2.4.18-powerpc - several vulnerabilities

Debian Security Advisory DSA 332: linux-kernel-2.4.17 - several vulnerabilities

Debian Security Advisory DSA 336: linux-kernel-2.2.20 - several vulnerabilities

Guardian Digital Inc.

Notified:  June 26, 2002 Updated:  March 24, 2003

Statement Date:   March 18, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Guardian Digital has published EnGarde Secure Linux Security Advisory ESA-20030318-009 to address this vulnerability. For more information, please see

Hewlett-Packard Company

Notified:  June 26, 2002 Updated:  July 25, 2003

Statement Date:   January 06, 2003

Status

  Vulnerable

Vendor Statement

HP-UX -

HP has investigated its network device drivers on HP-UX in order to determine the extent to which they are affected by this issue of reusing old frame buffer data to pad packets.

The Security Bulletin HPSBUX0306-261 entitled "SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage)" addresses the vulnerability and is available on itrc.hp.com.

Using your itrc account, security bulletins can be found here:


HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----------------------------------------------------------------
Source: HEWLETT-PACKARD COMPANY
SECURITY BULLETIN: HPSBUX0305-261
Originally issued: 27 May 2003
Last revised: 08 July 2003
SSRT3451 Potential Security Vulnerability in HP-UX network

drivers (Data Leakage) (rev. 01)
-----------------------------------------------------------------


NOTICE: There are no restrictions for distribution of this
Bulletin provided that it remains complete and intact.

The information in the following Security Bulletin should be
acted upon as soon as possible.  Hewlett-Packard Company will
not be liable for any consequences to any customer resulting
from customer's failure to fully implement instructions in this
Security Bulletin as soon as possible.

-----------------------------------------------------------------
PROBLEM:  Potential for Ethernet device drivers to reuse packet

data for padding.
Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001


IMPACT:   Device drivers may not pad frames with null bytes,
potential leakage of kernel memory.


PLATFORM: HP-UX releases B.10.20, B.11.00, and B.11.04.

** REVISED 01 **
SOLUTION: Install appropriate device driver patches:

for HP-UX B.11.04 (VVOS):
--->>    PHNE_29244 B.11.04 (VVOS) EISA 100BT cumulative patch
--->>    PHNE_29267 B.11.04 (VVOS) LAN product cumulative patch


for HP-UX B.11.00
--->>    PHNE_28143 s700_800 LAN product cumulative patch

PHNE_28636 s700_800 EISA 100BT cumulative patch

for HP-UX 10.20
PHNE_28635 s700_800 EISA 100BT cumulative patch
PHNE_28536 s800 LAN products cumulative patch
PHNE_28535 s700 LAN products cumulative patch


MANUAL ACTIONS: No

AVAILABILITY:  All patches are available now on <itrc.hp.com>.

CHANGE SUMMARY: 1) Added VVOS patches;
Corrected PHNE_28143 patch description.

-----------------------------------------------------------------
A. Background

CERT has reported that network device drivers may reuse old
frame buffer data to pad packets resulting in an information
leakage vulnerability that may allow remote harvesting of
sensitive information from affected devices.
http://www.kb.cert.org/vuls/id/412115


The only HP-UX network device drivers affected are:
btlan0  for EISA    on B.10.20, B.11.00, B.11.04
lan3    for NIO     on B.10.20, B.11.00, B.11.04


NOT IMPACTED:
HP NonStop Servers,
HP Tru64 UNIX/TruCluster Server,
HP OpenVMS


** REVISED 01 **
--> AFFECTED VERSIONS
-->
--> The following is a list by HP-UX revision of
--> affected filesets and the fileset revision or
--> patch containing the fix.  To determine if a
--> system has an affected version, search the
--> output of "swlist -a revision -l fileset"
--> for an affected fileset, then determine if
--> a fixed revision or the applicable patch is
--> installed.
-->
--> HP-UX B.11.04
--> =============
--> 100BT-EISA-KRN.100BT-KRN
--> fix: PHNE_29244
-->
--> Networking.LAN2-KRN
--> fix: PHNE_29267
-->
-->
--> HP-UX B.11.00
--> =============
--> 100BT-EISA-KRN.100BT-KRN
--> fix: PHNE_28636
-->
--> Networking.LAN2-KRN
--> fix: PHNE_28143
-->
--> HP-UX B.10.20 (s800)
--> ====================
--> 100BT-EISA-KRN.100BT-KRN
--> fix: PHNE_28635
-->
--> Networking.LAN-KRN
--> fix: PHNE_28536
-->
--> HP-UX B.10.20 (s700)
--> ====================
--> 100BT-EISA-KRN.100BT-KRN
--> fix: PHNE_28635
-->
--> Networking.LAN-KRN
--> fix: PHNE_28535



** REVISED 01 **
B. Recommended solution

These patches completely solve the identified problem,
for HP-UX B.11.04 (VVOS):

--->>   PHNE_29244 B.11.04 (VVOS) EISA 100BT cumulative patch
--->>   PHNE_29267 B.11.04 (VVOS) LAN product cumulative patch


for HP-UX B.11.00
--->>   PHNE_28143 s700_800 LAN product cumulative patch

PHNE_28636 s700_800 EISA 100BT cumulative patch

for HP-UX 10.20
PHNE_28635 s700_800 EISA 100BT cumulative patch
PHNE_28536 s800 LAN products cumulative patch
PHNE_28535 s700 LAN products cumulative patch


To identify if your system uses the affected drivers, as
root run ioscan to list all reportable hardware:
#/sbin/ioscan -fkClan

Class  I  H/W Path  Driver  S/W State H/W Type  Description
============================================================
lan    1  8/20/5/1  btlan0  CLAIMED  INTERFACE  EISA card


# ioscan -fkClan
Class  I  H/W Path  Driver  S/W State H/W Type  Description
============================================================
lan    0  56.1      lan3    CLAIMED  INTERFACE



NOTE: A reboot will be required after installation of
these patches.


C. To subscribe to automatically receive future NEW HP Security
Bulletins from the HP IT Resource Center via electronic
mail, do the following:


Use your browser to get to the HP IT Resource Center page
at:


http://itrc.hp.com

Use the 'Login' tab at the left side of the screen to login
using your ID and password.  Use your existing login or the
"Register" button at the left to create a login, in order to
gain access to many areas of the ITRC.  Remember to save the
User ID assigned to you, and your password.


In the left most frame select "Maintenance and Support".

Under the "Notifications" section (near the bottom of
the page), select "Support Information Digests".


To -subscribe- to future HP Security Bulletins or other
Technical Digests, click the check box (in the left column)
for the appropriate digest and then click the "Update
Subscriptions" button at the bottom of the page.


or

To -review- bulletins already released, select the link
(in the middle column) for the appropriate digest.


NOTE: Using your itrc account security bulletins can be
found here:

http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin


To -gain access- to the Security Patch Matrix, select
the link for "The Security Bulletins Archive".  (near the
bottom of the page)  Once in the archive the third link is
to the current Security Patch Matrix. Updated daily, this
matrix categorizes security patches by platform/OS release,
and by bulletin topic.  Security Patch Check completely
automates the process of reviewing the patch matrix for
11.XX systems.  Please note that installing the patches
listed in the Security Patch Matrix will completely
implement a security bulletin _only_ if the MANUAL ACTIONS
field specifies "No."


The Security Patch Check tool can verify that a security
bulletin has been implemented on HP-UX 11.XX systems providing
that the fix is completely implemented in a patch with no
manual actions required.  The Security Patch Check tool cannot
verify fixes implemented via a product upgrade.


For information on the Security Patch Check tool, see:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/
displayProductInfo.pl?productNumber=B6834AA


The security patch matrix is also available via anonymous
ftp:


ftp://ftp.itrc.hp.com/export/patches/hp-ux_patch_matrix/

On the "Support Information Digest Main" page:
click on the "HP Security Bulletin Archive".


The PGP key used to sign this bulletin is available from
several PGP Public Key servers.  The key identification
information is:


2D2A7D59
HP Security Response Team (Security Bulletin signing only)
<security-alert@hp.com>
Fingerprint =

6002 6019 BFC1 BC62 F079 862E E01F 3AFC 2D2A 7D59

If you have problems locating the key please write to
security-alert@hp.com.  Please note that this key is
for signing bulletins only and is not the key returned
by sending 'get key' to security-alert@hp.com.



D. To report new security vulnerabilities, send email to

security-alert@hp.com

Please encrypt any exploit information using the
security-alert PGP key, available from your local key
server, or by sending a message with a -subject- (not body)
of 'get key' (no quotes) to security-alert@hp.com.


-----------------------------------------------------------------

(c)Copyright 2003 Hewlett-Packard Company
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
in this document is subject to change without notice.
Hewlett-Packard Company and the names of HP products referenced
herein are trademarks and/or service marks of Hewlett-Packard
Company.  Other product and company names mentioned herein may be
trademarks and/or service marks of their respective owners.

________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPwsrgOAfOvwtKn1ZEQLq9gCeKIChbYDQphLi27h+kYVASLpC/1YAnRKQ
Z9HulG7ySZG9f/uXrw8uhqK4
=qx/L
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Intel

Notified:  June 26, 2002 Updated:  April 21, 2003

Statement Date:   January 14, 2003

Status

  Vulnerable

Vendor Statement

Intel has done a complete audit of our Ethernet drivers and determined that we have very limited exposure to the reported security hole. Here is a breakdown of our drivers and exposure:

Windows:

NDIS2       Version 3.2 of our NDIS2 driver resolves the vulnerability
NDIS3       No exposure to reported hole
NDIS4       No exposure to reported hole
NDIS5       No exposure to reported hole
NDIS5.1     No exposure to reported hole
ANS         No exposure to reported hole

OS/2:

NDIS2       Version 3.2 of our NDIS2 driver resolves the vulnerability

Novell:

ODI         Version 2.13 of our ODI driver resolves the vulnerability
C-Spec      No exposure to reported hole
ANS         No exposure to reported hole

Linux:

e100        No exposure to reported hole
e1000       No exposure to reported hole
ANS         No exposure to reported hole

SCO:

SCO5.x      No exposure to reported hole
UW7.x       No exposure to reported hole
UW8         No exposure to reported hole

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva, Inc.

Notified:  June 26, 2002 Updated:  July 25, 2003

Statement Date:   March 28, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

MandrakeSoft has published multiple Mandrake Linux Security Update Advisories to address this vulnerability. For more information, please see:

Network Appliance

Notified:  June 26, 2002 Updated:  January 08, 2003

Statement Date:   January 07, 2003

Status

  Vulnerable

Vendor Statement

Currently shipping NetApp systems are not vulnerable. If you have the old "Gigabit Ethernet Controller I" on your system, you may be vulnerable and should contact NetApp support.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat, Inc.

Notified:  June 26, 2002 Updated:  March 31, 2003

Statement Date:   February 05, 2003

Status

  Vulnerable

Vendor Statement

Red Hat Linux and Red Hat Enterprise Linux shipped with a number of ethernet drivers in the kernel package which are vulnerable to this issue. New kernel packages are available along with our advisory at the URLs below. Users of the Red Hat Network can update their systems using the 'up2date' tool.

Red Hat Enterprise Linux

Red Hat Linux (kernel versions 2.4)Red Hat Linux (kernel versions 2.2)

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems, Inc.

Notified:  June 26, 2002 Updated:  February 03, 2003

Statement Date:   January 27, 2003

Status

  Vulnerable

Vendor Statement

Sun is investigating its network device drivers in order to determine if they are affected by this issue of reusing old frame buffer data to pad
packets. A list of interfaces which have completed investigation thus far is as follows:


    Interface Name                                  Vulnerable?
    ce(7D) - Cassini Gigabit-Ethernet                   No
    dmfe(7D) - Davicom Fast Ethernet                    No
    elxl(7D) - 3Com EtherLink XL/Server                 Yes
    eri(7D) - eri Fast-Ethernet                         No
    ge(7D) - GEM Gigabit-Ethernet                       No
    iprb(7D) - Intel 82557, 82558,                      No
              82559-controlled Ethernet
    le(7D) - Am7990 (LANCE) Ethernet                    Yes
    pcelx(7D) - 3COM EtherLink III PCMCIA Ethernet      No
    qfe(7D) - Quad Fast-Ethernet                        No
Additional interfaces are under investigation. A complete listing along with patch details for affected interfaces will be provided in a Sun Alert to be published soon.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Xerox Corporation

Notified:  June 26, 2002 Updated:  June 09, 2003

Statement Date:   December 10, 2002

Status

  Vulnerable

Vendor Statement

A response to this vulnerability is available from our web site: http://www.xerox.com/security.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

For direct access to the Xerox Corporation response, please visit:

Apple Computer, Inc.

Notified:  June 26, 2002 Updated:  January 10, 2003

Statement Date:   January 10, 2003

Status

  Not Vulnerable

Vendor Statement

Mac OS X and Mac OS X Server do not contain the vulnerability described in this advisory.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Check Point

Notified:  January 13, 2003 Updated:  September 03, 2013

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

This vulnerability is not relevant to secure platform.
It is in linux 2.2/2.4.
Splat is based on 2.6.
See
http://rhn.redhat.com/errata/RHSA-2003-103.html.

Addendum

Check Point SecurePlatform, often referred to as SPLAT, is based off of Red Hat Enterprise Linux.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Clavister

Notified:  January 10, 2003 Updated:  January 16, 2003

Statement Date:   January 10, 2003

Status

  Not Vulnerable

Vendor Statement

Clavister Firewall: Not Vulnerable

All versions of Clavister Firewall explicitly fill frame paddings with zeroes above the driver level to avoid this problem. This prevents the firewall itself from becoming a source of information leaks, and also protects hosts that themselves are sources of information leaks.

This zero padding is done for all datagram types; IP as well as non-IP protocols like ARP.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

F5 Networks, Inc.

Notified:  June 26, 2002 Updated:  January 03, 2003

Statement Date:   July 09, 2002

Status

  Not Vulnerable

Vendor Statement

F5 Networks' products are not affected by this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hitachi

Notified:  January 03, 2003 Updated:  January 06, 2003

Statement Date:   January 06, 2003

Status

  Not Vulnerable

Vendor Statement

We've checked up on our router (Hitachi,Ltd. GR2000 series) about [VU#412115]. Our implementation is NOT vulnerable.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM Corporation

Notified:  June 26, 2002 Updated:  January 10, 2003

Statement Date:   January 09, 2003

Status

  Not Vulnerable

Vendor Statement

IBM's AIX operating system pads Ethernet packets with null bytes.

AIX is not affected by the issues discussed in Vulnerability Note VU#412115.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NEC Corporation

Notified:  June 26, 2002 Updated:  January 03, 2003

Statement Date:   July 05, 2002

Status

  Not Vulnerable

Vendor Statement

[Server Products]

* EWS/UP 48 Series operating system
- is NOT vulnerable.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

National Semiconductor Corporation

Notified:  January 09, 2003 Updated:  January 16, 2003

Statement Date:   January 09, 2003

Status

  Not Vulnerable

Vendor Statement

National Semiconductor manufactures a number of Ethernet controller chips, both for 100 Mbps and Gigabit Ethernet. Specifically these chips are used by our customers to create Ethernet adapter and LAN on Motherboard (LOM) products. In addition some of the MAC controller cores are integrated into other silicon products National produces. The base product line is as follows:


    DP83815100 Mbps Ethernet MAC/PHY
    DP83816100 Mbps Ethernet MAC/PHY
    DP838201000 Mbps Ethernet MAC
We have evaluated our MAC cores to determine their vulnerability to the issue that your report raised. We have found that our products properly pad short frames with 00's. However we did find that it is possible that from 1 - 7 bytes following the end of actual frame data may contain byte data from that same frame. All bytes following this alignment padding, however, will be 00's. Because the non-zero data comes from the same frame, this does not represent a security problem. Future Ethernet MAC products from National Semiconductor will not duplicate data and will 00 out all padding on short frames.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ZyXEL

Notified:  January 13, 2003 Updated:  July 24, 2003

Statement Date:   February 20, 2003

Status

  Not Vulnerable

Vendor Statement

ZyXEL devices with ZyNOS V2.50 to V3.60 are not vulnerable to this advisory #412115.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

3Com

Notified:  February 03, 2003 Updated:  February 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Alcatel

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Avaya

Notified:  January 03, 2003 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Berkeley Software Design, Inc.

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Borderware

Notified:  January 13, 2003 Updated:  January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems, Inc.

Notified:  June 26, 2002 Updated:  March 24, 2003

Statement Date:   January 06, 2003

Status

  Unknown

Vendor Statement

Cisco Systems has determined that all of the latest shipping versions of Cisco IOS releases in the 12.1 and 12.2 trains are not vulnerable.

Further information regarding this vulnerability and Cisco products may be found in the Security Notices section on Cisco's website.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

For additional information, please contact Cisco Systems directly at <psirt@cisco.com>.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Computer Associates

Notified:  June 26, 2002 Updated:  February 03, 2003

Statement Date:   January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cray Inc.

Notified:  June 26, 2002 Updated:  January 17, 2003

Statement Date:   January 17, 2003

Status

  Unknown

Vendor Statement

The Cray pvp machines and T3e are not vulnerable. SPR 724413 has been opened to investigate the Cray X1.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

D-Link Systems

Notified:  January 03, 2003 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Data General

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FreeBSD, Inc.

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Global Technology Associates

Notified:  January 13, 2003 Updated:  January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IP Filter

Notified:  January 13, 2003 Updated:  January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Intoto

Notified:  January 13, 2003 Updated:  January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Juniper Networks, Inc.

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lachman

Notified:  January 03, 2003 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Linksys

Notified:  January 13, 2003 Updated:  January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lotus Software

Notified:  January 03, 2003 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lucent Technologies

Notified:  January 03, 2003 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva, Inc.

Notified:  January 03, 2003 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Microsoft Corporation

Notified:  June 26, 2002 Updated:  July 25, 2003

Statement Date:   January 04, 2003

Status

  Unknown

Vendor Statement

Microsoft does not ship any Microsoft written drivers that contain the vulnerability. However, we have found some 3rd party drivers and samples in our documentation that, when compiled without alteration, could yield a driver that could contain this issue. We have made corrections to the samples in our documentation and are working with 3rd parties, and have included tests for this issue in our driver certification program.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

NGSSoftware has investigated this vulnerability and determined that several network drivers shipped with Microsoft Windows Server 20003 are affected. For additional information, please see:

MontaVista Software, Inc.

Notified:  January 03, 2003 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetBSD

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetScreen

Notified:  January 03, 2003 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Netfilter.org

Notified:  January 13, 2003 Updated:  January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nokia

Notified:  January 03, 2003 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nortel Networks, Inc.

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell, Inc.

Notified:  January 13, 2003 Updated:  January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenBSD

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux

Notified:  January 03, 2003 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Redback Networks Inc.

Notified:  January 03, 2003 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Riverstone Networks

Notified:  January 03, 2003 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SGI

Notified:  June 26, 2002 Updated:  June 09, 2003

Statement Date:   June 02, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
SGI Security Advisory


Title:     Some Network Drivers May Leak Data
Number   : 20030601-01-A
Date     : June 2, 2003
Reference: CERT Vulnerability Note VU#412115
Reference: CVE CAN-2003-0001
Reference: SGI BUG 878043

______________________________________________________________________________

SGI provides this information freely to the SGI user community for its
consideration, interpretation, implementation and use.  SGI recommends that
this information be acted upon as soon as possible.

SGI provides the information in this Security Advisory on an "AS-IS" basis
only, and disclaims all warranties with respect thereto, express, implied
or otherwise, including, without limitation, any warranty of merchantability
or fitness for a particular purpose.  In no event shall SGI be liable for
any loss of profits, loss of business, loss of data or for any indirect,
special, exemplary, incidental or consequential damages of any kind arising
from your use of, failure to use or improper use of any of the instructions
or information in this Security Advisory.

______________________________________________________________________________


SGI acknowledges the network device driver vulnerability reported by AtStake
and is currently investigating:

http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
http://www.kb.cert.org/vuls/id/412115

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001

Our initial investigation shows that our egXX and tgXX gigabit cards and
efXX interfaces in Origins and Octanes don't appear to be vulnerable.

No further information is available at this time.  As further information
becomes available, additional advisories will be issued.

For the protection of all our customers, SGI does not disclose, discuss or
confirm vulnerabilities until a full investigation has occurred and any
necessary patch(es) or release streams are available for all vulnerable and
supported Linux and IRIX operating systems.

Until SGI has more definitive information to provide, customers are
encouraged to assume all security vulnerabilities as exploitable and take
appropriate steps according to local site security policies and
requirements.

As further information becomes available, additional advisories will be
issued via the normal SGI security information distribution methods
including the wiretap mailing list.


- - -----------------------------------------
- - --- SGI Security Information/Contacts ---
- - -----------------------------------------

If there are questions about this document, email can be sent to
security-info@sgi.com.

------oOo------

SGI provides security information and patches for use by the entire SGI
community.  This information is freely available to any person needing the
information and is available via anonymous FTP and the Web.

The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com.  Security advisories and patches are located under the URL
ftp://patches.sgi.com/support/free/security/

The SGI Security Headquarters Web page is accessible at the URL
http://www.sgi.com/support/security/

For issues with the patches on the FTP sites, email can be sent to
security-info@sgi.com.

For assistance obtaining or working with security patches, please contact
your SGI support provider.

------oOo------

SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email) all
SGI Security Advisories when they are released. Subscribing to the mailing
list can be done via the Web
(http://www.sgi.com/support/security/wiretap.html) or by sending email to
SGI as outlined below.

% mail wiretap-request@sgi.com
subscribe wiretap <YourEmailAddress such as aaanalyst@sgi.com >
end
^d

In the example above, <YourEmailAddress> is the email address that you wish
the mailing list information sent to.  The word end must be on a separate
line to indicate the end of the body of the message. The control-d (^d) is
used to indicate to the mail program that you are finished composing the
mail message.


------oOo------

SGI provides a comprehensive customer World Wide Web site. This site is
located at http://www.sgi.com/support/security/ .

------oOo------

For reporting *NEW* SGI security issues, email can be sent to
security-alert@sgi.com or contact your SGI support provider.  A support
contract is not required for submitting a security report.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBPtu3vrQ4cFApAP75AQGtOwQAvVXmlg+NbgYEPbevu5FaytLsDGQPgqFO
tU98mORyHFZ8C5sGropad67F30xJQmCL9pjkHxCS12wE0kjDtthPejKnySJ49WTn
T/hkkj4RcN9rnSLvdVCxSa7pK3yCZueM9oW1n4GMAxIbvgy4z4CGAwWXg9rYdovW
ihio5t+E1z4=
=AOvo
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SUSE Linux

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Secure Computing Corporation

Notified:  January 13, 2003 Updated:  January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SecureWorx

Notified:  January 13, 2003 Updated:  January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sequent Computer Systems, Inc.

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sony Corporation

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Stonesoft

Notified:  January 13, 2003 Updated:  January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Symantec Corporation

Notified:  January 13, 2003 Updated:  January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The SCO Group (SCO Linux)

Notified:  June 26, 2002 Updated:  April 04, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The SCO Group (SCO Unix)

Notified:  June 26, 2002 Updated:  April 04, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Unisys

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

WatchGuard

Notified:  January 13, 2003 Updated:  January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wind River Systems, Inc.

Notified:  June 26, 2002 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wirex

Notified:  January 03, 2003 Updated:  January 03, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

eSoft

Notified:  January 13, 2003 Updated:  January 14, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

The CERT/CC thanks Ofir Arkin and Josh Anderson for their discovery and analysis of this vulnerability.

This document was written by Jeffrey P. Lanza.

Other Information

CVE IDs: CVE-2003-0001
Severity Metric: 13.50
Date Public: 2003-01-06
Date First Published: 2003-01-06
Date Last Updated: 2013-09-03 20:54 UTC
Document Revision: 34

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.