| | |
|---|---|
| TC: | 11028 |
| Description: | Ethernet requires that a packet has a minimum size of 56 bytes. In some cases, such as ICMP Reply packets, the data to send is smaller than this minimum (20 bytes for the IP header plus 8 bytes for ICMP data). In that situation the packet must be padded, as stated in RFC 1042: "IEEE 802 packets may have a minimum size restriction. When necessary, the data field should be padded (with octets of zero) to meet the IEEE 802 minimum frame size requirements. This padding is not part of the IP datagram and is not included in the total length field of the IP header." Some drivers allocate memory in which to build packets. If they fail to clear that memory before using it, whatever it previously held is sent as the padding, which can result in information disclosure. |
| TC Impact: | Gather Info |
| Vulnerability Publication: | January 6, 2003 |
| Advisory Copyright: | Ofir Arkin and Josh Anderson |
| Summary: | It is possible to retrieve information by sending small packets to your server. |
| Risk: | Medium |
| CVSS 2.0 metrics: | Access Vector: Network; Access Complexity: Low; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: None; Availability Impact: None |
| CVSS 2.0 Base Score: | 5.0 |
| Vulnerability Impact: | Gather Info |
| Host Impact: | Confidential data could be retrieved. |
| Nature of Remediation: | Update the software. |
| Step required to fix the reported vulnerability: | Solution type: Upgrade Software. Check with your network card vendor for a fixed version of the driver. |
| CVE Link: | CVE-2003-0001 |
| Glossary: | ICMP Information Disclosure |
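
To verify whether a host's driver zeroes its padding, a captured frame can be checked against the rule quoted in the description: everything after the IP total length must be zero octets. The following is an added example, not part of the original advisory; the function names and sample frames are constructed for illustration, and it assumes untagged Ethernet II frames captured without the trailing FCS.

```python
import struct

ETH_HDR_LEN = 14          # destination MAC + source MAC + EtherType
ETHERTYPE_IPV4 = 0x0800


def frame_padding(frame: bytes) -> bytes:
    """Return the bytes that follow the IP datagram in an Ethernet II frame.

    `frame` is a captured frame without the trailing FCS (assumption).
    """
    if len(frame) < ETH_HDR_LEN + 20:
        raise ValueError("too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4 or frame[ETH_HDR_LEN] >> 4 != 4:
        raise ValueError("not an untagged IPv4 frame")
    ihl = (frame[ETH_HDR_LEN] & 0x0F) * 4
    # Total length sits at bytes 2-3 of the IP header and excludes padding.
    (total_len,) = struct.unpack("!H", frame[16:18])
    if total_len < ihl or ETH_HDR_LEN + total_len > len(frame):
        raise ValueError("IP total length inconsistent with frame size")
    return frame[ETH_HDR_LEN + total_len:]


def padding_is_clean(frame: bytes) -> bool:
    """True when every padding octet is zero, as RFC 1042 asks."""
    return not any(frame_padding(frame))


def build_icmp_reply_frame(padding: bytes) -> bytes:
    """Constructed sample: 20-byte IP header + 8-byte ICMP echo reply.
    Checksums are left at zero; the padding check does not need them."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    icmp = struct.pack("!BBHHH", 0, 0, 0, 1, 1)
    return eth + ip + icmp + padding


if __name__ == "__main__":
    # Constructed trailers: one zero-filled, one standing in for stale memory.
    samples = {"zeroed": bytes(18), "stale": b"leftover-heap-data"}
    for label, pad in samples.items():
        frame = build_icmp_reply_frame(pad)
        print(label, "clean" if padding_is_clean(frame) else
              f"non-zero padding: {frame_padding(frame)!r}")
```

Running the same check on frames captured before and after a driver upgrade confirms whether the vendor fix took effect.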