Subject: Re: Ethernet vulnerabilty [CERT vulnerability note VU#412115]
To: Christos Zoulas <firstname.lastname@example.org>
From: David Laight <email@example.com>
Date: 01/09/2003 22:51:59
> >The CERT site lists the status of NetBSD's drivers with respect to this
> >vulnerablity as "unknown". Does anyone know whether our ethernet
> >drivers suffer from the the listed vulnerability?
> > http://www.kb.cert.org/vuls/id/412115
> >The above url details the problem.
> For most modern chips this is a non-issue because they do automatic
> padding (now what they pad with, god knows; I hope it is zeros)...
> For the most popular vintage chips (eg. lance) we pad zeros manually.
> There are others that might be broken (3c501).
And a pile of windows (or was it netware - ODI anyway) ones that pad
with the data following the last buffer fragment - could fall of the
end of the page into unmapped memory when they were being using
in a Unix kernel.....
David Laight: firstname.lastname@example.org