Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak)

This script is Copyright (C) 2003-2015 Tenable Network Security, Inc.


Synopsis :

The remote host appears to leak memory in network packets.

Description :

The remote host uses a network device driver that pads ethernet frames
with data which vary from one packet to another, likely taken from
kernel memory, system memory allocated to the device driver, or a
hardware buffer on its network interface card.

Known as 'Etherleak', this information disclosure vulnerability may
allow an attacker to collect sensitive information from the affected
host provided he is on the same physical subnet as that host.

See also :

http://www.nessus.org/u?719c90b4

Solution :

Contact the network device driver's vendor for a fix.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 2.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 11197 (etherleak.nasl)

Bugtraq ID: 6535

CVE ID: CVE-2003-0001

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial