CVE-2003-0001

Freebsd - Information Disclosure

Title source: rule

Description

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Jon Hart · perlremotemultiple

https://www.exploit-db.com/exploits/3555

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Jon Hart · perlremotebsd

https://www.exploit-db.com/exploits/22131

View Code ZIP pw:eip

exploitdb WORKING POC

by prdelka · pythondoshardware

https://www.exploit-db.com/exploits/26076

View Code ZIP pw:eip

nomisec SCANNER 5 stars

by marb08 · poc

https://github.com/marb08/etherleak-checker

View Code ZIP pw:eip

References (15)

[Third Party Advisory, VDB Entry] http://www.osvdb.org/9962

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2003-088.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/307564/30/26270/threaded

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1031583

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

[Mailing List] http://marc.info/?l=bugtraq&m=104222046632243&w=2

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/412115

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/305335/30/26420/threaded

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665

[Third Party Advisory] http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2003-025.html

[Third Party Advisory] http://secunia.com/advisories/7996

[Vendor Advisory] http://www.atstake.com/research/advisories/2003/a010603-1.txt

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040185

[Various Sources] http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf

Scores

EPSS 0.0343

EPSS Percentile 87.5%

Details

CWE

CWE-200

Status published

Products (33)

freebsd/freebsd 4.2

freebsd/freebsd 4.3

freebsd/freebsd 4.4

freebsd/freebsd 4.5

freebsd/freebsd 4.6

freebsd/freebsd 4.7

linux/linux_kernel 2.4.1

linux/linux_kernel 2.4.2

linux/linux_kernel 2.4.3

linux/linux_kernel 2.4.4

... and 23 more

Published Jan 17, 2003

Tracked Since Feb 18, 2026