Free Republic

Linux Kernel e1000 Ethernet Card Driver Buffer Overflow Vulnerability
SecurityFocus.com | May 14, 2004 | SecurityFocus.com

Posted on 05/19/2004 8:47:14 PM PDT by Bush2000

Linux Kernel e1000 Ethernet Card Driver Buffer Overflow Vulnerability

Reportedly the Linux kernel e1000 Ethernet card driver is affected by a buffer overflow vulnerability. This issue is due to a failure of the application to validate user input lengths before processing them.

This issue might allow an attacker to corrupt kernel memory space. It might be possible to leverage this issue to execute arbitrary code on the affected system, although this has not been verified.

bugtraq id: 10352
object:
class: Boundary Condition Error
cve: CVE-MAP-NOMATCH

remote: Unknown
local: Yes
published: May 14, 2004
updated: May 14, 2004
vulnerable:
Linux kernel 2.4.0-test9
Linux kernel 2.4.0-test8
Linux kernel 2.4.0-test7
Linux kernel 2.4.0-test6
Linux kernel 2.4.0-test5
Linux kernel 2.4.0-test4
Linux kernel 2.4.0-test3
Linux kernel 2.4.0-test2
Linux kernel 2.4.0-test12
Linux kernel 2.4.0-test11
Linux kernel 2.4.0-test10
Linux kernel 2.4.0-test1
Linux kernel 2.4
Linux kernel 2.4.1
Linux kernel 2.4.2
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 i386
Linux kernel 2.4.3
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
Linux kernel 2.4.4
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.6
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.8
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.2
Linux kernel 2.4.9
+ RedHat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux AS 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 ia64
+ Sun Linux 5.0
+ Sun Linux 5.0.3
+ Sun Linux 5.0.5
Linux kernel 2.4.10
+ S.u.S.E. Linux 7.3
Linux kernel 2.4.11
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.14
Linux kernel 2.4.15
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.17
Linux kernel 2.4.18 pre-8
Linux kernel 2.4.18 pre-7
Linux kernel 2.4.18 pre-6
Linux kernel 2.4.18 pre-5
Linux kernel 2.4.18 pre-4
Linux kernel 2.4.18 pre-3
Linux kernel 2.4.18 pre-2
Linux kernel 2.4.18 pre-1
Linux kernel 2.4.18 x86
+ Debian Linux 3.0 ia-32
Linux kernel 2.4.18
+ Astaro Security Linux 2.0 16
+ Astaro Security Linux 2.0 23
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 sparc
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.2
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Enterprise Linux AS 2.1 IA64
+ RedHat Linux 7.3
+ RedHat Linux 8.0
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.2
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server
+ S.u.S.E. Linux Enterprise Server 7
+ S.u.S.E. Linux Enterprise Server 8
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 7.0
+ Turbolinux Turbolinux Workstation 8.0
Linux kernel 2.4.19 -pre6
Linux kernel 2.4.19 -pre5
Linux kernel 2.4.19 -pre4
Linux kernel 2.4.19 -pre3
Linux kernel 2.4.19 -pre2
Linux kernel 2.4.19 -pre1
Linux kernel 2.4.19
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Linux Mandrake 9.0
+ MandrakeSoft Multi Network Firewall 8.2
+ S.u.S.E. Linux 8.1
+ Slackware Linux -current
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.2
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Linux kernel 2.4.21 pre7
Linux kernel 2.4.21 pre4
+ MandrakeSoft Linux Mandrake 9.1
+ MandrakeSoft Linux Mandrake 9.1 ppc
Linux kernel 2.4.21 pre1
Linux kernel 2.4.21
+ Conectiva Linux 9.0
+ MandrakeSoft Linux Mandrake 9.1
+ MandrakeSoft Linux Mandrake 9.1 ppc
+ S.u.S.E. Linux 9.0
+ S.u.S.E. Linux 9.0 x86_64
+ S.u.S.E. Linux Enterprise Server 8
Linux kernel 2.4.22
+ Devil-Linux Devil-Linux 1.0.4
+ Devil-Linux Devil-Linux 1.0.5
+ MandrakeSoft Linux Mandrake 9.2
+ MandrakeSoft Linux Mandrake 9.2 amd64
+ RedHat Fedora Core1
+ Slackware Linux 9.1
Linux kernel 2.4.23 -pre9
Linux kernel 2.4.23 -ow2
Linux kernel 2.4.23
+ Trustix Secure Linux 2.0
Linux kernel 2.4.24 -ow1
Linux kernel 2.4.24
Linux kernel 2.4.25
Linux kernel 2.4.26
Linux kernel 2.4.27 -pre1

not vulnerable:
Linux kernel 2.4.27 -pre2


TOPICS: Computers/Internet
Just trying to be helpful, Linux kneepadders...
1 posted on 05/19/2004 8:47:15 PM PDT by Bush2000

To: Bush2000

Sure ;-)


2 posted on 05/19/2004 8:49:45 PM PDT by old-ager

To: Bush2000
Of course, being the fair guy that you are, you would point out that this only affects people who are using this particular device.

I don't have any of these. The only gigabyte ethernet I have is Broadcom.

3 posted on 05/19/2004 8:50:57 PM PDT by B Knotts

To: Bush2000

LINUX is unsecure? I'm shocked!


4 posted on 05/19/2004 8:51:48 PM PDT by byteback

To: Bush2000

I notice that kernel 2.6 is not affected, not that you would be sharp enough to notice..


5 posted on 05/19/2004 8:52:48 PM PDT by N3WBI3

To: Bush2000

What is your take on the CEO of Microsoft saying that tech people in the US should make no more than 55,000 per year?


6 posted on 05/19/2004 8:57:32 PM PDT by inflation (Cuba = BAD, China = Good? Why, should both be treated the way Cuba is?)

To: Bush2000

Sher glad I use Windows...


7 posted on 05/19/2004 9:00:12 PM PDT by Libloather (If it really comes down to it, I'm voting Miller Genuine Draft Light...)

To: Bush2000
An analysis of the issue...

If you are running GB Ethernet cards and kernel 2.4 there is a potential buffer overflow. It has been released:

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Way to post more than a hundred lines and leave out the best part

And wait it gets better..

not vulnerable Linux kernel 2.4.27 -pre2

That's right kiddies the fix is already out there.. The vulnerability was discovered and fixed in the same day, by the same person.

8 posted on 05/19/2004 9:02:44 PM PDT by N3WBI3

To: byteback
Can you please point me to a post where someone says there are no vulnerabilities in Linux? Please, I know you're really concerned about all the people saying there are no bugs in the Kernel... Please let me know..
9 posted on 05/19/2004 9:04:30 PM PDT by N3WBI3

To: B Knotts
Of course, being the fair guy that you are, you would point out that this only affects people who are using this particular device.

Oh, yeahhhh. The E1000 is such a rare Ethernet card /SARCASM
10 posted on 05/19/2004 9:06:05 PM PDT by Bush2000

To: inflation

"What is your take on the CEO of Microsoft saying that tech people in the US should make no more than 55,000 per year?"

no wonder there are so many security holes, shows the management just doesn't care to pay for quality


11 posted on 05/19/2004 9:06:05 PM PDT by seastay

To: N3WBI3
I notice that kernel 2.6 is not affected, not that you would be sharp enough to notice..

Thank God that the entire world is running the 2.6 kernel. /SARCASM
12 posted on 05/19/2004 9:07:00 PM PDT by Bush2000

To: N3WBI3
That's right kiddies the fix is already out there.. The vulnerability was discovered and fixed in the same day, by the same person.

Thank God that everyone in the world will simultaneously upgrade to the patch -- and nobody will fail to apply the patch /SARCASM
13 posted on 05/19/2004 9:07:58 PM PDT by Bush2000

To: seastay; Bush2000

http://www.theinquirer.net/?article=15926

By INQUIRER staff: Saturday 15 May 2004, 18:49
EARLIER THIS week Microsoft CEO Steve Ballmer apparently suggested that the way to keep American jobs was to lower US professionals' pay to $55,000 - according to a report here.

That will help jobs stay in America, Ballmer seems to be implying, faced with competition from outsourced workers who will accept much less.

According to this report on Cnet last September, Steve B and Bill G each got $551,667 in salary and $313,447 in bonuses last year.

Neither got any additional stock options then, but each already has plenty of shares in MSFT.

Perhaps Steve should start by cutting his own salary by a tenth, as he is undoubtedly a US professional, and set that as the benchmark for the rest of the thousands of employees at Microsoft?

No one has yet matched HP's chutzpah in helping to engineer a plan which involved laying off people in North America and then trying to re-hire them at a fraction of what they were earning before.

But maybe it's worth contemplating Steve. An outsourced CEO is an idea that hasn't yet been tried and it would certainly cut down on expenses. µ


14 posted on 05/19/2004 9:10:55 PM PDT by inflation (Cuba = BAD, China = Good? Why, should both be treated the way Cuba is?)

To: Bush2000

The installed base of Gigabit Ethernet cards isn't that large. Perhaps you are thinking of NE2000 nics?


15 posted on 05/19/2004 9:12:17 PM PDT by inflation (Cuba = BAD, China = Good? Why, should both be treated the way Cuba is?)

To: Bush2000

LOL. Linux, it's the hacker's choice!


16 posted on 05/19/2004 9:14:16 PM PDT by John Lenin (If there were no God, there would be no Atheists)

To: Bush2000
Let's see, what is Microsoft's time between a vulnerability announcement and a fix? Usually on the order of three weeks? This one was less than 24 hours. This instance demonstrates the strength of open source development *code review*

Everyone in the world does not have to update, only those running gig ethernet cards in their servers; this eliminates desktops and low end servers.

17 posted on 05/19/2004 9:15:05 PM PDT by N3WBI3

To: inflation

Standard OSS tactic: "Hey, let's change the subject to Microsoft."


18 posted on 05/19/2004 9:15:39 PM PDT by Bush2000

To: inflation
The installed base of Gigabit Ethernet cards isn't that large

"The Great Oz has spoken! Go home, all of you billowing bags of bovine fodder! Nothing to see here."
19 posted on 05/19/2004 9:16:47 PM PDT by Bush2000

To: Bush2000

No, it isn't. It shows the mindset of the company that you love to defend. I use what tool is best for the job at hand, is that wrong in your opinion?


20 posted on 05/19/2004 9:17:11 PM PDT by inflation (Cuba = BAD, China = Good? Why, should both be treated the way Cuba is?)

