製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数ベンダ製品の Ethernet Network Interface Card デバイスドライバに情報漏洩の脆弱性

Title	複数ベンダ製品の Ethernet Network Interface Card デバイスドライバに情報漏洩の脆弱性
Summary	Ethernet Network Interface Card (NIC) デバイスドライバには、パケットのデータフィールドが一定のサイズより小さい場合、埋められていない領域を NULL で埋めずに、以前に送信したフレームデータを再利用してそのフレームデータで埋めてしまう脆弱性が存在します。
Possible impacts	リプライメッセージのデータフィールドに埋め込まれているカーネルメモリの内容の一部を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 6, 2003, midnight
Registration Date	April 1, 2007, midnight
Last Update	Jan. 22, 2015, 2:52 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected System

サン・マイクロシステムズ

Sun Cobalt RaQ550

Sun Solaris 2.6 (sparc)

Sun Solaris 7.0 (sparc)

Sun Solaris 8 (sparc)

Sun Solaris 9 (sparc)

レッドハット

Red Hat Linux 6.2

Red Hat Linux 7.0

Red Hat Linux 7.1

Red Hat Linux 7.2

Red Hat Linux 7.3

Red Hat Linux 8.0

ヒューレット・パッカード

HP-UX 10.20

HP-UX 11.00

HP-UX (VVOS) 11.04

オラクル

Oracle Solaris 10

Oracle Solaris 11

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2003-0001	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0001
National Vulnerability Database (NVD)
2	CVE-2003-0001	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2003-0001

ベンダー情報

No	Name	URL
HP Security Bulletin
1	HPSBUX0305-261	http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0305-261
HP セキュリティ報告
2	HPSBUX0305-261	http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX0305-261.html
Oracle Critical Patch Update
3	Oracle Critical Patch Update Advisory - January 2015	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
4	Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html
Red Hat Security Advisory
5	RHSA-2003:025	http://rhn.redhat.com/errata/RHSA-2003-025.html
6	RHSA-2003:088	https://rhn.redhat.com/errata/RHSA-2003-088.html
SECURITY BLOG
7	January 2015 Critical Patch Update Released	https://blogs.oracle.com/security/entry/january_2015_critical_patch_update
Sun Alert Notification
8	57040	http://sunsolve.sun.com/search/document.do?assetkey=1-26-57040-1
Sun Alert Notification 日本語版
9	57040	http://sunsolve.sun.com/search/document.do?assetkey=1-26-57040-3
Sun Cobalt RaQ Patches
10	Sun Cobalt RaQ 550 Patches	http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng&nav=patchpage
レッドハットセキュリティーアップデート
11	RHSA-2003:025	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-025J.html
12	RHSA-2003:088	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-088J.html

その他

No	Name	URL
SecurityFocus
1	6535	http://www.securityfocus.com/bid/6535
SecurityTracker
2	1006959	http://www.securitytracker.com/alerts/2003/Jun/1006959.html
US-CERT Vulnerability Note
3	VU#412115	http://www.kb.cert.org/vuls/id/412115

Change Log

No	Changed Details	Date of change
0	[2007年04月01日] 掲載 [2015年01月22日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - January 2015) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices) を追加ベンダ情報：オラクル (January 2015 Critical Patch Update Released) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2003-0001

Summary	Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
Publication Date	Jan. 17, 2003, 2 p.m.
Registration Date	Jan. 29, 2021, 6:02 p.m.
Last Update	April 30, 2019, 11:27 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:freebsd:freebsd:4.2:::::::*
cpe:2.3:o:freebsd:freebsd:4.3:::::::*
cpe:2.3:o:freebsd:freebsd:4.4:::::::*
cpe:2.3:o:freebsd:freebsd:4.5:::::::*
cpe:2.3:o:freebsd:freebsd:4.6:::::::*
cpe:2.3:o:freebsd:freebsd:4.7:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.1:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.2:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.3:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.4:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.5:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.6:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.7:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.8:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.9:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.10:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.11:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.12:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.13:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.14:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.15:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.16:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.17:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.18:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.19:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.20:::::::*
cpe:2.3:o:microsoft:windows_2000::::::::
cpe:2.3:o:microsoft:windows_2000::sp1::::::*
cpe:2.3:o:microsoft:windows_2000::sp2::::::*
cpe:2.3:o:microsoft:windows_2000_terminal_services::::::::
cpe:2.3:o:microsoft:windows_2000_terminal_services::sp1::::::*
cpe:2.3:o:microsoft:windows_2000_terminal_services::sp2::::::*
cpe:2.3:o:netbsd:netbsd:1.5:::::::*
cpe:2.3:o:netbsd:netbsd:1.5.1:::::::*
cpe:2.3:o:netbsd:netbsd:1.5.2:::::::*
cpe:2.3:o:netbsd:netbsd:1.5.3:::::::*
cpe:2.3:o:netbsd:netbsd:1.6:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html	VULNWATCH
2	http://marc.info/?l=bugtraq&m=104222046632243&w=2	BUGTRAQ
3	http://secunia.com/advisories/7996	SECUNIA
4	http://www.atstake.com/research/advisories/2003/a010603-1.txt	ATSTAKE	Vendor Advisory
5	http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf	MISC
6	http://www.kb.cert.org/vuls/id/412115	CERT-VN	Third Party Advisory US Government Resource
7	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	CONFIRM
8	http://www.osvdb.org/9962	OSVDB
9	http://www.redhat.com/support/errata/RHSA-2003-025.html	REDHAT
10	http://www.redhat.com/support/errata/RHSA-2003-088.html	REDHAT
11	http://www.securityfocus.com/archive/1/305335/30/26420/threaded	BUGTRAQ
12	http://www.securityfocus.com/archive/1/307564/30/26270/threaded	BUGTRAQ
13	http://www.securitytracker.com/id/1031583	SECTRACK
14	http://www.securitytracker.com/id/1040185	SECTRACK
15	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665	OVAL

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:freebsd:freebsd:4.2:::::::*
cpe:2.3:o:freebsd:freebsd:4.3:::::::*
cpe:2.3:o:freebsd:freebsd:4.4:::::::*
cpe:2.3:o:freebsd:freebsd:4.5:::::::*
cpe:2.3:o:freebsd:freebsd:4.6:::::::*
cpe:2.3:o:freebsd:freebsd:4.7:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.1:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.2:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.3:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.4:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.5:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.6:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.7:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.8:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.9:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.10:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.11:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.12:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.13:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.14:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.15:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.16:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.17:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.18:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.19:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.20:::::::*
cpe:2.3:o:microsoft:windows_2000::::::::
cpe:2.3:o:microsoft:windows_2000::sp1::::::*
cpe:2.3:o:microsoft:windows_2000::sp2::::::*
cpe:2.3:o:microsoft:windows_2000_terminal_services::::::::
cpe:2.3:o:microsoft:windows_2000_terminal_services::sp1::::::*
cpe:2.3:o:microsoft:windows_2000_terminal_services::sp2::::::*
cpe:2.3:o:netbsd:netbsd:1.5:::::::*
cpe:2.3:o:netbsd:netbsd:1.5.1:::::::*
cpe:2.3:o:netbsd:netbsd:1.5.2:::::::*
cpe:2.3:o:netbsd:netbsd:1.5.3:::::::*
cpe:2.3:o:netbsd:netbsd:1.6:::::::*