| Vulnerability Name: | CCN-12218 | ||||||
| Published: | 2003-06-09 | ||||||
| Updated: | 2003-06-09 | ||||||
| Summary: | Multiple vendor Ethernet standard (IEEE 802.3) network device driver software could leak sensitive information, caused by a vulnerability regarding frame padding. Certain network device drivers fail to properly pad frames with null bytes when the frames are less than 46 bytes. This would result in frames being padded with previous frame data. A remote attacker could exploit this vulnerability by sending a malformed TCP packet to an affected system, which would cause sensitive information to be returned in the frame padding, including possibly portions of kernel memory, static system memory, or hardware buffer memory. This information could be used to launch further attacks against the affected system or network. | ||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||
| CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||
| Vulnerability Consequences: | Obtain Information | ||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Jun 09 2003 - 07:40:50 CDT Etherleak information leak in Windows Server 2003 drivers Source: CCN Type: NGSSoftware Insight Security Research Advisory #NISR09062003 Etherleak information leak in Windows Server 2003 drivers Source: CCN Type: BID-7849 Microsoft Windows FIN-ACK Network Device Driver Frame Padding Information Disclosure Vulnerability Source: XF Type: UNKNOWN ethernet-tcp-information-leak(12218) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||