Free Republic
Browse · Search
General/Chat
Topics · Post Article

Linux Kernel e1000 Ethernet Card Driver Buffer Overflow Vulnerability
SecurityFocus.com ^ | May 14, 2004 | SecurityFocus.com

Posted on 05/19/2004 8:47:14 PM PDT by Bush2000

Reportedly the Linux kernel e1000 Ethernet card driver is affected by a buffer overflow vulnerability. This issue is due to a failure of the application to validate user input lengths before processing them.

This issue might allow an attacker to corrupt kernel memory space. It might be possible to leverage this issue to execute arbitrary code on the affected system, although this has not been verified.

bugtraq id: 10352
object:
class: Boundary Condition Error
cve: CVE-MAP-NOMATCH

remote: Unknown
local: Yes
published: May 14, 2004
updated: May 14, 2004
vulnerable
Linux kernel 2.4.0-test9
Linux kernel 2.4.0-test8
Linux kernel 2.4.0-test7
Linux kernel 2.4.0-test6
Linux kernel 2.4.0-test5
Linux kernel 2.4.0-test4
Linux kernel 2.4.0-test3
Linux kernel 2.4.0-test2
Linux kernel 2.4.0-test12
Linux kernel 2.4.0-test11
Linux kernel 2.4.0-test10
Linux kernel 2.4.0-test1
Linux kernel 2.4
Linux kernel 2.4.1
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 i386
Linux kernel 2.4.3
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
Linux kernel 2.4.4
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.6
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.8
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.2
Linux kernel 2.4.9
+ RedHat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux AS 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 ia64
+ Sun Linux 5.0
+ Sun Linux 5.0.3
+ Sun Linux 5.0.5
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.11
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.14
Linux kernel 2.4.15
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.17
Linux kernel 2.4.18 pre-8
Linux kernel 2.4.18 pre-7
Linux kernel 2.4.18 pre-6
Linux kernel 2.4.18 pre-5
Linux kernel 2.4.18 pre-4
Linux kernel 2.4.18 pre-3
Linux kernel 2.4.18 pre-2
Linux kernel 2.4.18 pre-1
Linux kernel 2.4.18 x86
+ Debian Linux 3.0 ia-32
Linux kernel 2.4.18
+ Astaro Security Linux 2.0 16
+ Astaro Security Linux 2.0 23
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 sparc
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.2
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Enterprise Linux AS 2.1 IA64
+ RedHat Linux 7.3
+ RedHat Linux 8.0
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.2
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server
+ S.u.S.E. Linux Enterprise Server 7
+ S.u.S.E. Linux Enterprise Server 8
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 7.0
+ Turbolinux Turbolinux Workstation 8.0
Linux kernel 2.4.19 -pre6
Linux kernel 2.4.19 -pre5
Linux kernel 2.4.19 -pre4
Linux kernel 2.4.19 -pre3
Linux kernel 2.4.19 -pre2
Linux kernel 2.4.19 -pre1
Linux kernel 2.4.19
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Linux Mandrake 9.0
+ MandrakeSoft Multi Network Firewall 8.2
+ S.u.S.E. Linux 8.1
+ Slackware Linux -current
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.2
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Linux kernel 2.4.21 pre7
Linux kernel 2.4.21 pre4
+ MandrakeSoft Linux Mandrake 9.1
+ MandrakeSoft Linux Mandrake 9.1 ppc
Linux kernel 2.4.21 pre1
Linux kernel 2.4.21
+ Conectiva Linux 9.0
+ MandrakeSoft Linux Mandrake 9.1
+ MandrakeSoft Linux Mandrake 9.1 ppc
+ S.u.S.E. Linux 9.0
+ S.u.S.E. Linux 9.0 x86_64
+ S.u.S.E. Linux Enterprise Server 8
Linux kernel 2.4.22
+ Devil-Linux Devil-Linux 1.0.4
+ Devil-Linux Devil-Linux 1.0.5
+ MandrakeSoft Linux Mandrake 9.2
+ MandrakeSoft Linux Mandrake 9.2 amd64
+ RedHat Fedora Core1
+ Slackware Linux 9.1
Linux kernel 2.4.23 -pre9
Linux kernel 2.4.23 -ow2
Linux kernel 2.4.23
+ Trustix Secure Linux 2.0
Linux kernel 2.4.24 -ow1
Linux kernel 2.4.24
Linux kernel 2.4.25
Linux kernel 2.4.26
Linux kernel 2.4.27 -pre1

not vulnerable
Linux kernel 2.4.27 -pre2


TOPICS: Computers/Internet
To: Bush2000

Facts suck sometimes. Do you get this worked up about Microsoft security holes?


21 posted on 05/19/2004 9:17:46 PM PDT by inflation (Cuba = BAD, China = Good? Why, should both be treated the way Cuba is?)
[ Post Reply | Private Reply | To 19 | View Replies]

To: N3WBI3
Let's see what is Microsoft's time between a vulnerability announcement and a fix?

Clue phone: Availability of a patch doesn't mean all vulnerable systems are patched, you dolt.
22 posted on 05/19/2004 9:20:53 PM PDT by Bush2000
[ Post Reply | Private Reply | To 17 | View Replies]

To: inflation
I use what tool is best for the job at hand, is that wrong in your opinion?

Toss back a few Thorazine. You're safer. Really. /SARCASM
23 posted on 05/19/2004 9:22:15 PM PDT by Bush2000
[ Post Reply | Private Reply | To 20 | View Replies]

To: Bush2000

You ignored my post asking you if you mistook the e1000 for the ne2000 series of cards. Why is that? And do you ever answer any questions or do you just spout off like this all the time?


24 posted on 05/19/2004 9:22:24 PM PDT by inflation (Cuba = BAD, China = Good? Why, should both be treated the way Cuba is?)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Bush2000

Are you saying that I should use Microsoft products for everything I do?


25 posted on 05/19/2004 9:22:57 PM PDT by inflation (Cuba = BAD, China = Good? Why, should both be treated the way Cuba is?)
[ Post Reply | Private Reply | To 23 | View Replies]

To: inflation
You ignored my post asking you if you mistook the e1000 for the ne2000 series of cards. Why is that?

It's irrelevant.
26 posted on 05/19/2004 9:31:58 PM PDT by Bush2000
[ Post Reply | Private Reply | To 24 | View Replies]

To: inflation
Are you saying that I should use Microsoft products for everything I do?

Choose whatever delusion you like.
27 posted on 05/19/2004 9:32:19 PM PDT by Bush2000
[ Post Reply | Private Reply | To 25 | View Replies]

To: Bush2000
Jeez, this thread is more contentious than Arnold vs. McClintock.
28 posted on 05/19/2004 9:32:52 PM PDT by zencat (http://cgi.ebay.com/ebaymotors/ws/eBayISAPI.dll?ViewItem&item=2478851453)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000

No, it isn't. It could demonstrate your lack of knowledge on the subjects that you say you know a lot about.

It's a common mistake those in marketing make.


29 posted on 05/19/2004 9:33:03 PM PDT by inflation (Cuba = BAD, China = Good? Why, should both be treated the way Cuba is?)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Bush2000

Do you ever answer questions directed at you or do you always respond like a smart ---?


30 posted on 05/19/2004 9:33:58 PM PDT by inflation (Cuba = BAD, China = Good? Why, should both be treated the way Cuba is?)
[ Post Reply | Private Reply | To 27 | View Replies]

To: Bush2000

Let's see the other recent vulnerabilities from SecurityFocus, 5-14 to 5-17

Microsoft UPnP NOTIFY Buffer Overflow Vulnerability
Microsoft Internet Explorer http-equiv Meta Tag Denial of Service Vulnerability
Microsoft Internet Explorer Codebase Double Backslash Local Zone File Execution Weakness
Microsoft Internet Explorer Interface Spoofing Vulnerability
Microsoft Windows LSASS Buffer Overrun Vulnerability

Now in addition to the Linux post you put up we have

Linux IPRoute Spoofed Kernel Messages Denial Of Service Vulnerability
Linux Kernel SCTP_SetSockOpt Integer Overflow Vulnerability


31 posted on 05/19/2004 9:34:29 PM PDT by N3WBI3
[ Post Reply | Private Reply | To 1 | View Replies]

To: zencat

;->

It's kind of like fighting with the output of DU piped thru a marketing filter. :->


32 posted on 05/19/2004 9:34:52 PM PDT by inflation (Cuba = BAD, China = Good? Why, should both be treated the way Cuba is?)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Bush2000
No kidding?? really in millions of lines of code there are going to be bugs really?? wow!

It's called code review, the error was found, and fixed by the same guy. Will there be other bugs in the kernel? I would bet money on it.

Is it a *more* secure OS, ya sure you betcha... The code review is far better for the Linux Kernel than the Windows Kernel..

33 posted on 05/19/2004 9:40:10 PM PDT by N3WBI3
[ Post Reply | Private Reply | To 22 | View Replies]

To: N3WBI3

Typical change-the-subject-behavior. /SARCASM


34 posted on 05/19/2004 9:40:26 PM PDT by Bush2000
[ Post Reply | Private Reply | To 31 | View Replies]

To: N3WBI3
Is it a *more* secure OS, ya sure you betcha...

Of course it is. You think. /SARCASM

The code review is far better for the Linux Kernel than the Windows Kernel..

You'd know. After all, you were present for neither. /SARCASM
35 posted on 05/19/2004 9:41:56 PM PDT by Bush2000
[ Post Reply | Private Reply | To 33 | View Replies]

To: Bush2000

Yea because it's not like the Linux Kernel before and after is available, and easily diffed in CVS that would make it too easy /sarcasm..


36 posted on 05/19/2004 9:43:15 PM PDT by N3WBI3
[ Post Reply | Private Reply | To 35 | View Replies]

To: Bush2000
So your sarcasm tag would indicate you don't think I am trying to change the subject? Wow slow down a bit man...

You point out a vulnerability in the Kernel I point out two more and five windows vulnerabilities and somehow I changed the subject??

37 posted on 05/19/2004 9:45:23 PM PDT by N3WBI3
[ Post Reply | Private Reply | To 34 | View Replies]

To: N3WBI3
Yea because it's not like the Linux Kernel before and after is available, and easily diffed in CVS that would make it too easy /sarcasm..

Well, since CVS can be hacked, it wouldn't be wise to depend on any of its CRCs...

Flaws drill holes in open-source repository

Not a good day for OSS bigots.
38 posted on 05/19/2004 9:47:28 PM PDT by Bush2000
[ Post Reply | Private Reply | To 36 | View Replies]

To: N3WBI3
You point out a vulnerability in the Kernel I point out two more and five windows vulnerabilities and somehow I changed the subject??

Since, at last glance, Microsoft doesn't suffer from this E1000 flaw ... yeah, you are changing the subject... /SARCASM
39 posted on 05/19/2004 9:48:20 PM PDT by Bush2000
[ Post Reply | Private Reply | To 37 | View Replies]

To: Bush2000
The only bigot on this thread is you, I am content to use Windows and Linux, OSS and closed source... Just because you ignore the problems of your fan boy OS does not mean I do..

So let me ask: do you have to be a chicom to see the Windows kernel?

40 posted on 05/19/2004 9:49:45 PM PDT by N3WBI3
[ Post Reply | Private Reply | To 38 | View Replies]

