[kernel] r4907 - patch-tracking

Dann Frazier dannf at costa.debian.org
Fri Nov 25 22:48:51 UTC 2005 

Author: dannf
Date: Fri Nov 25 22:48:47 2005
New Revision: 4907

Modified:
   patch-tracking/CVE-2003-0001
Log:
updates for CVE-2003-0001

Modified: patch-tracking/CVE-2003-0001
==============================================================================
--- patch-tracking/CVE-2003-0001	(original)
+++ patch-tracking/CVE-2003-0001	Fri Nov 25 22:48:47 2005
@@ -1,16 +1,38 @@
 Candidate: CVE-2003-0001
 References: 
-Description: 
+ ATSTAKE:A010603-1
+ URL:http://www.atstake.com/research/advisories/2003/a010603-1.txt
+ BUGTRAQ:20030110 More information regarding Etherleak
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2
+ VULNWATCH:20030110 More information regarding Etherleak
+ URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
+ MISC:http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
+ CERT-VN:VU#412115
+ URL:http://www.kb.cert.org/vuls/id/412115
+ REDHAT:RHSA-2003:025
+ URL:http://www.redhat.com/support/errata/RHSA-2003-025.html
+ OVAL:OVAL2665
+ URL:http://oval.mitre.org/oval/definitions/data/oval2665.html
+Description:
+ Multiple ethernet Network Interface Card (NIC) device drivers do not pad
+ frames with null bytes, which allows remote attackers to obtain information
+ from previous packets or kernel memory by using malformed packets, as
+ demonstrated by Etherleak.
 Notes: 
+ dannf> A number of drivers had to be fixed, but when looking to see where this
+ dannf> patch had been applied, I just tracked the de600.c file changes.  My
+ dannf> assumption is that all of the other drivers got fixed at the same time.
+ .
+ dannf> I've e-mailed the security team + mdz, asking for a patch
 Bugs: 
-upstream: 
-2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 2.4.17-1woody1
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
+upstream: released (2.4.21-pre4)
+2.6.14: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.8: N/A
+2.4.19-woody-security: needed
+2.4.18-woody-security: released (2.4.18-7)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: needed
+2.4.17-woody-security-hppa: needed
+2.4.17-woody-security-ia64: needed

More information about the Kernel-svn-changes mailing list