CVE-2003-0001

FreeBSD - Information Exposure via Ethernet NIC Frame Padding


Exploitation Summary

EIP tracks 4 public exploits for CVE-2003-0001. PoCs published by Jon Hart, prdelka, marb08.

AI-analyzed exploit summary: This Perl script demonstrates the 'etherleak' vulnerability (CVE-2003-0001) by capturing and analyzing Ethernet frames to extract sensitive kernel memory leaked due to improper padding. It uses Net::Pcap to sniff network traffic and identifies non-NULL padding in frames, which may contain sensitive data.

Description

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Jon Hart · perl · remote · multiple
https://www.exploit-db.com/exploits/3555

This Perl script demonstrates the 'etherleak' vulnerability (CVE-2003-0001) by capturing and analyzing Ethernet frames to extract sensitive kernel memory leaked due to improper padding. It uses Net::Pcap to sniff network traffic and identifies non-NULL padding in frames, which may contain sensitive data.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Linux kernel (various versions with vulnerable Ethernet drivers)
No auth needed
Prerequisites: Network access to observe Ethernet traffic · Vulnerable Ethernet driver that leaks kernel memory in padding
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Jon Hart · perl · remote · bsd
https://www.exploit-db.com/exploits/22131

This Perl script demonstrates the 'etherleak' vulnerability (CVE-2003-0001) by capturing and analyzing Ethernet frames to detect sensitive kernel memory leaks due to improper padding in network device drivers.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Network device drivers (various vendors)
No auth needed
Prerequisites: Network access to observe Ethernet traffic · Perl with Net::Pcap and NetPacket modules
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by prdelka · python · dos · hardware
https://www.exploit-db.com/exploits/26076

This exploit leverages the 'Etherleak' vulnerability (CVE-2003-0001) to extract memory contents from vulnerable network devices by sending crafted ARP or ICMP packets and capturing padded responses. The leaked data is saved to a file for analysis.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Network devices with vulnerable drivers (e.g., Cisco ASA pre-8.4.4.6/8.2.5.32)
No auth needed
Prerequisites: Network access to the target device · Scapy library installed · Vulnerable network device driver
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER 5 stars
by marb08 · poc
https://github.com/marb08/etherleak-checker

This repository contains a Python script that scans for the Etherleak vulnerability (CVE-2003-0001) by sending ICMP, ARP, or TCP packets and analyzing the padding data in responses for potential memory leaks. It does not exploit the vulnerability but detects its presence.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Network drivers with improper Ethernet frame padding
No auth needed
Prerequisites: Python 3.x · Scapy library · Network access to target host
devstral-2 · analyzed Feb 18, 2026

References (15)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/9962
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-088.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/307564/30/26270/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031583
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104222046632243&w=2
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/412115
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/305335/30/26420/threaded
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665
Third Party Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-025.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/7996
Vendor Advisory vendor-advisory x_refsource_atstake
http://www.atstake.com/research/advisories/2003/a010603-1.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040185

Scores

EPSS 0.7171
EPSS Percentile 99.3%

Details

CWE: CWE-200
Status: published
Products (33)
freebsd/freebsd 4.2
freebsd/freebsd 4.3
freebsd/freebsd 4.4
freebsd/freebsd 4.5
freebsd/freebsd 4.6
freebsd/freebsd 4.7
linux/linux_kernel 2.4.1
linux/linux_kernel 2.4.2
linux/linux_kernel 2.4.3
linux/linux_kernel 2.4.4
... and 23 more
Published Jan 17, 2003
Tracked Since Feb 18, 2026