Posted on 05/19/2004 8:47:14 PM PDT by Bush2000
Linux Kernel e1000 Ethernet Card Driver Buffer Overflow Vulnerability
Reportedly the Linux kernel e1000 Ethernet card driver is affected by a buffer overflow vulnerability. This issue is due to a failure of the application to validate user input lengths before processing them.
This issue might allow an attacker to corrupt kernel memory space. It might be possible to leverage this issue to execute arbitrary code on the affected system, although this has not been verified.
bugtraq id 10352
object
class Boundary Condition Error
cve CVE-MAP-NOMATCH
remote Unknown
local Yes
published May 14, 2004
updated May 14, 2004
vulnerable
Linux kernel 2.4 .0-test9
Linux kernel 2.4 .0-test8
Linux kernel 2.4 .0-test7
Linux kernel 2.4 .0-test6
Linux kernel 2.4 .0-test5
Linux kernel 2.4 .0-test4
Linux kernel 2.4 .0-test3
Linux kernel 2.4 .0-test2
Linux kernel 2.4 .0-test12
Linux kernel 2.4 .0-test11
Linux kernel 2.4 .0-test10
Linux kernel 2.4 .0-test1
Linux kernel 2.4
Linux kernel 2.4.1
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 i386
Linux kernel 2.4.3
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
Linux kernel 2.4.4
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.6
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.8
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.2
Linux kernel 2.4.9
+ RedHat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux AS 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 ia64
+ Sun Linux 5.0
+ Sun Linux 5.0.3
+ Sun Linux 5.0.5
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.11
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.14
Linux kernel 2.4.15
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.17
Linux kernel 2.4.18 pre-8
Linux kernel 2.4.18 pre-7
Linux kernel 2.4.18 pre-6
Linux kernel 2.4.18 pre-5
Linux kernel 2.4.18 pre-4
Linux kernel 2.4.18 pre-3
Linux kernel 2.4.18 pre-2
Linux kernel 2.4.18 pre-1
Linux kernel 2.4.18 x86
+ Debian Linux 3.0 ia-32
Linux kernel 2.4.18
+ Astaro Security Linux 2.0 16
+ Astaro Security Linux 2.0 23
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 sparc
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.2
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Enterprise Linux AS 2.1 IA64
+ RedHat Linux 7.3
+ RedHat Linux 8.0
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.2
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server
+ S.u.S.E. Linux Enterprise Server 7
+ S.u.S.E. Linux Enterprise Server 8
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 7.0
+ Turbolinux Turbolinux Workstation 8.0
Linux kernel 2.4.19 -pre6
Linux kernel 2.4.19 -pre5
Linux kernel 2.4.19 -pre4
Linux kernel 2.4.19 -pre3
Linux kernel 2.4.19 -pre2
Linux kernel 2.4.19 -pre1
Linux kernel 2.4.19
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Linux Mandrake 9.0
+ MandrakeSoft Multi Network Firewall 8.2
+ S.u.S.E. Linux 8.1
+ Slackware Linux -current
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.2
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Linux kernel 2.4.21 pre7
Linux kernel 2.4.21 pre4
+ MandrakeSoft Linux Mandrake 9.1
+ MandrakeSoft Linux Mandrake 9.1 ppc
Linux kernel 2.4.21 pre1
Linux kernel 2.4.21
+ Conectiva Linux 9.0
+ MandrakeSoft Linux Mandrake 9.1
+ MandrakeSoft Linux Mandrake 9.1 ppc
+ S.u.S.E. Linux 9.0
+ S.u.S.E. Linux 9.0 x86_64
+ S.u.S.E. Linux Enterprise Server 8
Linux kernel 2.4.22
+ Devil-Linux Devil-Linux 1.0.4
+ Devil-Linux Devil-Linux 1.0.5
+ MandrakeSoft Linux Mandrake 9.2
+ MandrakeSoft Linux Mandrake 9.2 amd64
+ RedHat Fedora Core1
+ Slackware Linux 9.1
Linux kernel 2.4.23 -pre9
Linux kernel 2.4.23 -ow2
Linux kernel 2.4.23
+ Trustix Secure Linux 2.0
Linux kernel 2.4.24 -ow1
Linux kernel 2.4.24
Linux kernel 2.4.25
Linux kernel 2.4.26
Linux kernel 2.4.27 -pre1
not vulnerable Linux kernel 2.4.27 -pre2
Sure ;-)
I don't have any of these. The only gigabyte ethernet I have is Broadcom.
LINUX is unsecure? I'm shocked!
I notice that kernel 2.6 is not affected, not that you would be sharp enough to notice..
What is you take on the CEO of microsoft saying that tech people in the US should make no more than 55,000 per year?
Sher glad I use Windows...
If you are running GB Ethernet cards and kernel 2.4 there is a potential bufferflow. It has been released:
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com mailto:vuldb@securityfocus.com>.
Way to post more than a hundred lines and leave out the best part
And wait it gets better..
not vulnerable Linux kernel 2.4.27 -pre2 Thats right kiddies the fix is already out there.. The vulnerability was discovered and fixed in the same day, by the same person.
"What is you take on the CEO of microsoft saying that tech people in the US should make no more than 55,000 per year?"
no wonder there are so many security holes, shows the management just doesn't care to pay for quality
http://www.theinquirer.net/?article=15926
By INQUIRER staff: Saturday 15 May 2004, 18:49
EARLIER THIS week Microsoft CEO Steve Ballmer apparently suggested that the way to keep American jobs was to lower US professionals' pay to $55,000 - according to a report here.
That will help jobs stay in America, Ballmer seems to be implying, faced with competition from outsourced workers who will accept much less.
According to this report on Cnet last September, Steve B and Bill G each got $551,667 in salary and $313,447 in bonuses last year.
Neither got any additional stock options then, but each already has plenty of shares in MSFT.
Perhaps Steve should start by cutting his own salary by a tenth, as he is undoubtedly a US professional, and set that as the benchmark for the rest of the thousands of employees at Microsoft?
No one has yet matched HP's chutzpah in helping to engineer a plan which involved laying off people in North America and then trying to re-hire them at a fraction of what they were earning before.
But maybe it's worth contemplating Steve. An outsourced CEO is an idea that hasn't yet been tried and it would certainly cut down on expenses. µ
The installed base of Gigabit Ethernet cards isn't that large. Perhaps you are thinking of NE2000 nics?
LOL. Linux, it's the hackers choice !
Everyone in the world does not have to update, only those running gig ethernet card in their servers, this eliminates desktops and low end servers.
Standard OSS tactic: "Hey, let's change the subject to Microsoft."
No, it isn't. It shows the mindset of the company that you love to defend. I use what tool is best for the job at hand, is that wrong in your opinion?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.