Overview
Many network device drivers reuse old frame buffer data to pad packets, resulting in an information leakage vulnerability that may allow remote attackers to harvest sensitive information from affected devices.
Description
The Ethernet standard (IEEE 802.3) specifies a minimum data field size of 46 bytes. If a higher layer protocol such as IP provides packet data that is smaller than 46 bytes, the device driver must fill the remainder of the data field with a "pad". For IP datagrams, RFC1042 specifies that "the data field should be padded (with octets of zero) to meet the IEEE 802 minimum frame size requirements." Researchers from @Stake have discovered that, contrary to the recommendations of RFC1042, many Ethernet device drivers fail to pad frames with null bytes. Instead, these device drivers reuse previously transmitted frame data to pad frames smaller than 46 bytes. This constitutes an information leakage vulnerability that may allow remote attackers to harvest potentially sensitive information. Depending upon the implementation of an affected device driver, the leaked information may originate from dynamic kernel memory, from static system memory allocated to the device driver, or from a hardware buffer located on the network interface card. |
Impact
This vulnerability allows remote attackers to harvest potentially sensitive information from network traffic. In some network environments, this vulnerability can also be used to circumvent technologies that divide networks into separate domains, such as VLANs and routers. |
Solution
Apply a patch from your vendor |
Use encryption to protect sensitive data
|
Vendor Information
Debian Linux Affected
Notified: June 26, 2002 Updated: July 25, 2003
Statement Date: June 09, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
Debian has published several security advisories to address this vulnerability, each for a different version of Debian GNU/Linux. For further information, please see:
Debian Security Advisory DSA 311: linux-kernel-2.4.18 - several vulnerabilities
Debian Security Advisory DSA 312: kernel-patch-2.4.18-powerpc - several vulnerabilities
Debian Security Advisory DSA 332: linux-kernel-2.4.17 - several vulnerabilities
Debian Security Advisory DSA 336: linux-kernel-2.2.20 - several vulnerabilities
- http://www.debian.org/security/2003/dsa-336
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Guardian Digital Inc. Affected
Notified: June 26, 2002 Updated: March 24, 2003
Statement Date: March 18, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
Guardian Digital has published EnGarde Secure Linux Security Advisory ESA-20030318-009 to address this vulnerability. For more information, please see
http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Hewlett-Packard Company Affected
Notified: June 26, 2002 Updated: July 25, 2003
Statement Date: January 06, 2003
Status
Affected
Vendor Statement
HP-UX -
HP has investigated its network device drivers on HP-UX in order to determine the extent to which they are affected by this issue of reusing old frame buffer data to pad packets.
The Security Bulletin HPSBUX0306-261 entitled "SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage)" addresses the vulnerability and is available on itrc.hp.com.
Using your itrc account, security bulletins can be found here:
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-----------------------------------------------------------------
Source: HEWLETT-PACKARD COMPANY
SECURITY BULLETIN: HPSBUX0305-261
Originally issued: 27 May 2003
Last revised: 08 July 2003
SSRT3451 Potential Security Vulnerability in HP-UX network
drivers (Data Leakage) (rev. 01)
-----------------------------------------------------------------
NOTICE: There are no restrictions for distribution of this
Bulletin provided that it remains complete and intact.
The information in the following Security Bulletin should be
acted upon as soon as possible. Hewlett-Packard Company will
not be liable for any consequences to any customer resulting
from customer's failure to fully implement instructions in this
Security Bulletin as soon as possible.
-----------------------------------------------------------------
PROBLEM: Potential for Ethernet device drivers to reuse packet
data for padding.
Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001
IMPACT: Device drivers may not pad frames with null bytes,
potential leakage of kernel memory.
PLATFORM: HP-UX releases B.10.20, B.11.00, and B.11.04.
** REVISED 01 **
SOLUTION: Install appropriate device driver patches:
for HP-UX B.11.04 (VVOS):
--->> PHNE_29244 B.11.04 (VVOS) EISA 100BT cumulative patch
--->> PHNE_29267 B.11.04 (VVOS) LAN product cumulative patch
for HP-UX B.11.00
--->> PHNE_28143 s700_800 LAN product cumulative patch
PHNE_28636 s700_800 EISA 100BT cumulative patch
for HP-UX 10.20
PHNE_28635 s700_800 EISA 100BT cumulative patch
PHNE_28536 s800 LAN products cumulative patch
PHNE_28535 s700 LAN products cumulative patch
MANUAL ACTIONS: No
AVAILABILITY: All patches are available now on <itrc.hp.com>.
CHANGE SUMMARY: 1) Added VVOS patches;
Corrected PHNE_28143 patch description.
-----------------------------------------------------------------
A. Background
CERT has reported that network device drivers may reuse old
frame buffer data to pad packets resulting in an information
leakage vulnerability that may allow remote harvesting of
sensitive information from affected devices.
http://www.kb.cert.org/vuls/id/412115
The only HP-UX network device drivers affected are:
btlan0 for EISA on B.10.20, B.11.00, B.11.04
lan3 for NIO on B.10.20, B.11.00, B.11.04
NOT IMPACTED:
HP NonStop Servers,
HP Tru64 UNIX/TruCluster Server,
HP OpenVMS
** REVISED 01 **
--> AFFECTED VERSIONS
-->
--> The following is a list by HP-UX revision of
--> affected filesets and the fileset revision or
--> patch containing the fix. To determine if a
--> system has an affected version, search the
--> output of "swlist -a revision -l fileset"
--> for an affected fileset, then determine if
--> a fixed revision or the applicable patch is
--> installed.
-->
--> HP-UX B.11.04
--> =============
--> 100BT-EISA-KRN.100BT-KRN
--> fix: PHNE_29244
-->
--> Networking.LAN2-KRN
--> fix: PHNE_29267
-->
-->
--> HP-UX B.11.00
--> =============
--> 100BT-EISA-KRN.100BT-KRN
--> fix: PHNE_28636
-->
--> Networking.LAN2-KRN
--> fix: PHNE_28143
-->
--> HP-UX B.10.20 (s800)
--> ====================
--> 100BT-EISA-KRN.100BT-KRN
--> fix: PHNE_28635
-->
--> Networking.LAN-KRN
--> fix: PHNE_28536
-->
--> HP-UX B.10.20 (s700)
--> ====================
--> 100BT-EISA-KRN.100BT-KRN
--> fix: PHNE_28635
-->
--> Networking.LAN-KRN
--> fix: PHNE_28535
** REVISED 01 **
B. Recommended solution
These patches completely solve the identified problem,
for HP-UX B.11.04 (VVOS):
--->> PHNE_29244 B.11.04 (VVOS) EISA 100BT cumulative patch
--->> PHNE_29267 B.11.04 (VVOS) LAN product cumulative patch
for HP-UX B.11.00
--->> PHNE_28143 s700_800 LAN product cumulative patch
PHNE_28636 s700_800 EISA 100BT cumulative patch
for HP-UX 10.20
PHNE_28635 s700_800 EISA 100BT cumulative patch
PHNE_28536 s800 LAN products cumulative patch
PHNE_28535 s700 LAN products cumulative patch
To identify if your system uses the affected drivers, as
root run ioscan to list all reportable hardware:
#/sbin/ioscan -fkClan
Class I H/W Path Driver S/W State H/W Type Description
============================================================
lan 1 8/20/5/1 btlan0 CLAIMED INTERFACE EISA card
# ioscan -fkClan
Class I H/W Path Driver S/W State H/W Type Description
============================================================
lan 0 56.1 lan3 CLAIMED INTERFACE
NOTE: A reboot will be required after installation of
these patches.
C. To subscribe to automatically receive future NEW HP Security
Bulletins from the HP IT Resource Center via electronic
mail, do the following:
Use your browser to get to the HP IT Resource Center page
at:
http://itrc.hp.com
Use the 'Login' tab at the left side of the screen to login
using your ID and password. Use your existing login or the
"Register" button at the left to create a login, in order to
gain access to many areas of the ITRC. Remember to save the
User ID assigned to you, and your password.
In the left most frame select "Maintenance and Support".
Under the "Notifications" section (near the bottom of
the page), select "Support Information Digests".
To -subscribe- to future HP Security Bulletins or other
Technical Digests, click the check box (in the left column)
for the appropriate digest and then click the "Update
Subscriptions" button at the bottom of the page.
or
To -review- bulletins already released, select the link
(in the middle column) for the appropriate digest.
NOTE: Using your itrc account security bulletins can be
found here:
http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin
To -gain access- to the Security Patch Matrix, select
the link for "The Security Bulletins Archive". (near the
bottom of the page) Once in the archive the third link is
to the current Security Patch Matrix. Updated daily, this
matrix categorizes security patches by platform/OS release,
and by bulletin topic. Security Patch Check completely
automates the process of reviewing the patch matrix for
11.XX systems. Please note that installing the patches
listed in the Security Patch Matrix will completely
implement a security bulletin _only_ if the MANUAL ACTIONS
field specifies "No."
The Security Patch Check tool can verify that a security
bulletin has been implemented on HP-UX 11.XX systems providing
that the fix is completely implemented in a patch with no
manual actions required. The Security Patch Check tool cannot
verify fixes implemented via a product upgrade.
For information on the Security Patch Check tool, see:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/
displayProductInfo.pl?productNumber=B6834AA
The security patch matrix is also available via anonymous
ftp:
ftp://ftp.itrc.hp.com/export/patches/hp-ux_patch_matrix/
On the "Support Information Digest Main" page:
click on the "HP Security Bulletin Archive".
The PGP key used to sign this bulletin is available from
several PGP Public Key servers. The key identification
information is:
2D2A7D59
HP Security Response Team (Security Bulletin signing only)
<security-alert@hp.com>
Fingerprint =
6002 6019 BFC1 BC62 F079 862E E01F 3AFC 2D2A 7D59
If you have problems locating the key please write to
security-alert@hp.com. Please note that this key is
for signing bulletins only and is not the key returned
by sending 'get key' to security-alert@hp.com.
D. To report new security vulnerabilities, send email to
security-alert@hp.com
Please encrypt any exploit information using the
security-alert PGP key, available from your local key
server, or by sending a message with a -subject- (not body)
of 'get key' (no quotes) to security-alert@hp.com.
-----------------------------------------------------------------
(c)Copyright 2003 Hewlett-Packard Company
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
in this document is subject to change without notice.
Hewlett-Packard Company and the names of HP products referenced
herein are trademarks and/or service marks of Hewlett-Packard
Company. Other product and company names mentioned herein may be
trademarks and/or service marks of their respective owners.
________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBPwsrgOAfOvwtKn1ZEQLq9gCeKIChbYDQphLi27h+kYVASLpC/1YAnRKQ
Z9HulG7ySZG9f/uXrw8uhqK4
=qx/L
-----END PGP SIGNATURE-----
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Intel Affected
Notified: June 26, 2002 Updated: April 21, 2003
Statement Date: January 14, 2003
Status
Affected
Vendor Statement
Intel has done a complete audit of our Ethernet drivers and determined that we have very limited exposure to the reported security hole. Here is a breakdown of our drivers and exposure:
Windows:
NDIS2 Version 3.2 of our NDIS2 driver resolves the vulnerability
NDIS3 No exposure to reported hole
NDIS4 No exposure to reported hole
NDIS5 No exposure to reported hole
NDIS5.1 No exposure to reported hole
ANS No exposure to reported hole
OS/2:
NDIS2 Version 3.2 of our NDIS2 driver resolves the vulnerability
Novell:
ODI Version 2.13 of our ODI driver resolves the vulnerability
C-Spec No exposure to reported hole
ANS No exposure to reported hole
Linux:
e100 No exposure to reported hole
e1000 No exposure to reported hole
ANS No exposure to reported hole
SCO:
SCO5.x No exposure to reported hole
UW7.x No exposure to reported hole
UW8 No exposure to reported hole
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Mandriva, Inc. Affected
Notified: June 26, 2002 Updated: July 25, 2003
Statement Date: March 28, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
MandrakeSoft has published multiple Mandrake Linux Security Update Advisories to address this vulnerability. For more information, please see:
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:039
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:066
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:074
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Network Appliance Affected
Notified: June 26, 2002 Updated: January 08, 2003
Statement Date: January 07, 2003
Status
Affected
Vendor Statement
Currently shipping NetApp systems are not vulnerable. If you have the old "Gigabit Ethernet Controller I" on your system, you may be vulnerable and should contact NetApp support.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Red Hat, Inc. Affected
Notified: June 26, 2002 Updated: March 31, 2003
Statement Date: February 05, 2003
Status
Affected
Vendor Statement
Red Hat Linux and Red Hat Enterprise Linux shipped with a number of ethernet drivers in the kernel package which are vulnerable to this issue. New kernel packages are available along with our advisory at the URLs below. Users of the Red Hat Network can update their systems using the 'up2date' tool.
Red Hat Enterprise Linux
Red Hat Linux (kernel versions 2.4)Red Hat Linux (kernel versions 2.2)Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sun Microsystems, Inc. Affected
Notified: June 26, 2002 Updated: February 03, 2003
Statement Date: January 27, 2003
Status
Affected
Vendor Statement
Sun is investigating its network device drivers in order to determine if they are affected by this issue of reusing old frame buffer data to pad
packets. A list of interfaces which have completed investigation thus far is as follows:
Interface Name Vulnerable?
ce(7D) - Cassini Gigabit-Ethernet No
dmfe(7D) - Davicom Fast Ethernet No
elxl(7D) - 3Com EtherLink XL/Server Yes
eri(7D) - eri Fast-Ethernet No
ge(7D) - GEM Gigabit-Ethernet No
iprb(7D) - Intel 82557, 82558, No
82559-controlled Ethernet
le(7D) - Am7990 (LANCE) Ethernet Yes
pcelx(7D) - 3COM EtherLink III PCMCIA Ethernet No
qfe(7D) - Quad Fast-Ethernet No
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Xerox Corporation Affected
Notified: June 26, 2002 Updated: June 09, 2003
Statement Date: December 10, 2002
Status
Affected
Vendor Statement
A response to this vulnerability is available from our web site: http://www.xerox.com/security.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
For direct access to the Xerox Corporation response, please visit:
http://a1851.g.akamaitech.net/f/1851/2996/24h/cache.xerox.com/downloads/usa/en/c/CERT_VU412115.pdf
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Apple Computer, Inc. Not Affected
Notified: June 26, 2002 Updated: January 10, 2003
Statement Date: January 10, 2003
Status
Not Affected
Vendor Statement
Mac OS X and Mac OS X Server do not contain the vulnerability described in this advisory.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Check Point Not Affected
Notified: January 13, 2003 Updated: September 03, 2013
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
This vulnerability is not relevant to secure platform.
It is in linux 2.2/2.4.
Splat is based on 2.6.
See http://rhn.redhat.com/errata/RHSA-2003-103.html.
Addendum
Check Point SecurePlatform, often referred to as SPLAT, is based off of Red Hat Enterprise Linux.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Clavister Not Affected
Notified: January 10, 2003 Updated: January 16, 2003
Statement Date: January 10, 2003
Status
Not Affected
Vendor Statement
Clavister Firewall: Not Vulnerable
All versions of Clavister Firewall explicitly fill frame paddings with zeroes above the driver level to avoid this problem. This prevents the firewall itself from becoming a source of information leaks, and also protects hosts that themselves are sources of information leaks.
This zero padding is done for all datagram types; IP as well as non-IP protocols like ARP.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
F5 Networks, Inc. Not Affected
Notified: June 26, 2002 Updated: January 03, 2003
Statement Date: July 09, 2002
Status
Not Affected
Vendor Statement
F5 Networks' products are not affected by this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Hitachi Not Affected
Notified: January 03, 2003 Updated: January 06, 2003
Statement Date: January 06, 2003
Status
Not Affected
Vendor Statement
We've checked up on our router (Hitachi,Ltd. GR2000 series) about [VU#412115]. Our implementation is NOT vulnerable.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
IBM Corporation Not Affected
Notified: June 26, 2002 Updated: January 10, 2003
Statement Date: January 09, 2003
Status
Not Affected
Vendor Statement
IBM's AIX operating system pads Ethernet packets with null bytes.
AIX is not affected by the issues discussed in Vulnerability Note VU#412115.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NEC Corporation Not Affected
Notified: June 26, 2002 Updated: January 03, 2003
Statement Date: July 05, 2002
Status
Not Affected
Vendor Statement
[Server Products]
* EWS/UP 48 Series operating system
- is NOT vulnerable.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
National Semiconductor Corporation Not Affected
Notified: January 09, 2003 Updated: January 16, 2003
Statement Date: January 09, 2003
Status
Not Affected
Vendor Statement
National Semiconductor manufactures a number of Ethernet controller chips, both for 100 Mbps and Gigabit Ethernet. Specifically these chips are used by our customers to create Ethernet adapter and LAN on Motherboard (LOM) products. In addition some of the MAC controller cores are integrated into other silicon products National produces. The base product line is as follows:
DP83815100 Mbps Ethernet MAC/PHY
DP83816100 Mbps Ethernet MAC/PHY
DP838201000 Mbps Ethernet MAC
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
ZyXEL Not Affected
Notified: January 13, 2003 Updated: July 24, 2003
Statement Date: February 20, 2003
Status
Not Affected
Vendor Statement
ZyXEL devices with ZyNOS V2.50 to V3.60 are not vulnerable to this advisory #412115.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
3Com Unknown
Notified: February 03, 2003 Updated: February 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Alcatel Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Avaya Unknown
Notified: January 03, 2003 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Berkeley Software Design, Inc. Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Borderware Unknown
Notified: January 13, 2003 Updated: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Cisco Systems, Inc. Unknown
Notified: June 26, 2002 Updated: March 24, 2003
Statement Date: January 06, 2003
Status
Unknown
Vendor Statement
Cisco Systems has determined that all of the latest shipping versions of Cisco IOS releases in the 12.1 and 12.2 trains are not vulnerable.
Further information regarding this vulnerability and Cisco products may be found in the Security Notices section on Cisco's website.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
For additional information, please contact Cisco Systems directly at <psirt@cisco.com>.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Computer Associates Unknown
Notified: June 26, 2002 Updated: February 03, 2003
Statement Date: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Cray Inc. Unknown
Notified: June 26, 2002 Updated: January 17, 2003
Statement Date: January 17, 2003
Status
Unknown
Vendor Statement
The Cray pvp machines and T3e are not vulnerable. SPR 724413 has been opened to investigate the Cray X1.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
D-Link Systems Unknown
Notified: January 03, 2003 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Data General Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
FreeBSD, Inc. Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Fujitsu Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Global Technology Associates Unknown
Notified: January 13, 2003 Updated: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
IP Filter Unknown
Notified: January 13, 2003 Updated: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Intoto Unknown
Notified: January 13, 2003 Updated: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Juniper Networks, Inc. Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Lachman Unknown
Notified: January 03, 2003 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Linksys Unknown
Notified: January 13, 2003 Updated: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Lotus Software Unknown
Notified: January 03, 2003 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Lucent Technologies Unknown
Notified: January 03, 2003 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Mandriva, Inc. Unknown
Notified: January 03, 2003 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Microsoft Corporation Unknown
Notified: June 26, 2002 Updated: July 25, 2003
Statement Date: January 04, 2003
Status
Unknown
Vendor Statement
Microsoft does not ship any Microsoft written drivers that contain the vulnerability. However, we have found some 3rd party drivers and samples in our documentation that, when compiled without alteration, could yield a driver that could contain this issue. We have made corrections to the samples in our documentation and are working with 3rd parties, and have included tests for this issue in our driver certification program.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
NGSSoftware has investigated this vulnerability and determined that several network drivers shipped with Microsoft Windows Server 20003 are affected. For additional information, please see:
http://www.nextgenss.com/advisories/etherleak-2003.txt
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MontaVista Software, Inc. Unknown
Notified: January 03, 2003 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NetBSD Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NetScreen Unknown
Notified: January 03, 2003 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Netfilter.org Unknown
Notified: January 13, 2003 Updated: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Nokia Unknown
Notified: January 03, 2003 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Nortel Networks, Inc. Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Novell, Inc. Unknown
Notified: January 13, 2003 Updated: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
OpenBSD Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Openwall GNU/*/Linux Unknown
Notified: January 03, 2003 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Redback Networks Inc. Unknown
Notified: January 03, 2003 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Riverstone Networks Unknown
Notified: January 03, 2003 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SGI Unknown
Notified: June 26, 2002 Updated: June 09, 2003
Statement Date: June 02, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SGI Security Advisory
Title: Some Network Drivers May Leak Data
Number : 20030601-01-A
Date : June 2, 2003
Reference: CERT Vulnerability Note VU#412115
Reference: CVE CAN-2003-0001
Reference: SGI BUG 878043
______________________________________________________________________________
SGI provides this information freely to the SGI user community for its
consideration, interpretation, implementation and use. SGI recommends that
this information be acted upon as soon as possible.
SGI provides the information in this Security Advisory on an "AS-IS" basis
only, and disclaims all warranties with respect thereto, express, implied
or otherwise, including, without limitation, any warranty of merchantability
or fitness for a particular purpose. In no event shall SGI be liable for
any loss of profits, loss of business, loss of data or for any indirect,
special, exemplary, incidental or consequential damages of any kind arising
from your use of, failure to use or improper use of any of the instructions
or information in this Security Advisory.
______________________________________________________________________________
SGI acknowledges the network device driver vulnerability reported by AtStake
and is currently investigating:
http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
http://www.kb.cert.org/vuls/id/412115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001
Our initial investigation shows that our egXX and tgXX gigabit cards and
efXX interfaces in Origins and Octanes don't appear to be vulnerable.
No further information is available at this time. As further information
becomes available, additional advisories will be issued.
For the protection of all our customers, SGI does not disclose, discuss or
confirm vulnerabilities until a full investigation has occurred and any
necessary patch(es) or release streams are available for all vulnerable and
supported Linux and IRIX operating systems.
Until SGI has more definitive information to provide, customers are
encouraged to assume all security vulnerabilities as exploitable and take
appropriate steps according to local site security policies and
requirements.
As further information becomes available, additional advisories will be
issued via the normal SGI security information distribution methods
including the wiretap mailing list.
- - -----------------------------------------
- - --- SGI Security Information/Contacts ---
- - -----------------------------------------
If there are questions about this document, email can be sent to
security-info@sgi.com.
------oOo------
SGI provides security information and patches for use by the entire SGI
community. This information is freely available to any person needing the
information and is available via anonymous FTP and the Web.
The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com. Security advisories and patches are located under the URL
ftp://patches.sgi.com/support/free/security/
The SGI Security Headquarters Web page is accessible at the URL
http://www.sgi.com/support/security/
For issues with the patches on the FTP sites, email can be sent to
security-info@sgi.com.
For assistance obtaining or working with security patches, please contact
your SGI support provider.
------oOo------
SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email) all
SGI Security Advisories when they are released. Subscribing to the mailing
list can be done via the Web
(http://www.sgi.com/support/security/wiretap.html) or by sending email to
SGI as outlined below.
% mail wiretap-request@sgi.com
subscribe wiretap <YourEmailAddress such as aaanalyst@sgi.com >
end
^d
In the example above, <YourEmailAddress> is the email address that you wish
the mailing list information sent to. The word end must be on a separate
line to indicate the end of the body of the message. The control-d (^d) is
used to indicate to the mail program that you are finished composing the
mail message.
------oOo------
SGI provides a comprehensive customer World Wide Web site. This site is
located at http://www.sgi.com/support/security/ .
------oOo------
For reporting *NEW* SGI security issues, email can be sent to
security-alert@sgi.com or contact your SGI support provider. A support
contract is not required for submitting a security report.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBPtu3vrQ4cFApAP75AQGtOwQAvVXmlg+NbgYEPbevu5FaytLsDGQPgqFO
tU98mORyHFZ8C5sGropad67F30xJQmCL9pjkHxCS12wE0kjDtthPejKnySJ49WTn
T/hkkj4RcN9rnSLvdVCxSa7pK3yCZueM9oW1n4GMAxIbvgy4z4CGAwWXg9rYdovW
ihio5t+E1z4=
=AOvo
-----END PGP SIGNATURE-----
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SUSE Linux Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Secure Computing Corporation Unknown
Notified: January 13, 2003 Updated: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SecureWorx Unknown
Notified: January 13, 2003 Updated: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sequent Computer Systems, Inc. Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sony Corporation Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Stonesoft Unknown
Notified: January 13, 2003 Updated: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Symantec Corporation Unknown
Notified: January 13, 2003 Updated: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
The SCO Group (SCO Linux) Unknown
Notified: June 26, 2002 Updated: April 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
The SCO Group (SCO Unix) Unknown
Notified: June 26, 2002 Updated: April 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Unisys Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
WatchGuard Unknown
Notified: January 13, 2003 Updated: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Wind River Systems, Inc. Unknown
Notified: June 26, 2002 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Wirex Unknown
Notified: January 03, 2003 Updated: January 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
eSoft Unknown
Notified: January 13, 2003 Updated: January 14, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- |
| Temporal | 0 | E:ND/RL:ND/RC:ND |
| Environmental | 0 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
The CERT/CC thanks Ofir Arkin and Josh Anderson for their discovery and analysis of this vulnerability.
This document was written by Jeffrey P. Lanza.
Other Information
| CVE IDs: | CVE-2003-0001 |
| Severity Metric: | 13.50 |
| Date Public: | 2003-01-06 |
| Date First Published: | 2003-01-06 |
| Date Last Updated: | 2013-09-03 20:54 UTC |
| Document Revision: | 35 |