July 12, 2022
RE: CVE-2003-0001 and Implications for INSIGHT DLP Appliances
Dear INSIGHT Appliance Customer:
As you may be aware, on January 14, 2003, CVE-2003-0001 was made public. The summary of this disclosure is "Multiple Ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak."
Please note that many vulnerability scanners have been falsely identifying this vulnerability. Specifically CVE-2003-0001 is a false positive from the Nessus vulnerability scanner. The INSIGHT Development team is aware of this exploit for other Linux distros and has been running tests to study any impact this could have for our customers. Due to the secure environment and restrictions implemented on all INSIGHT Appliances, the identified exploit has already been mitigated. Testing of the most current release of IDACT versions 3.0-x has shown that even without an update/patch, the vulnerability cannot be successfully performed. At this time, there is no concern that this exploit could be run on INSIGHT Appliances.
If you have any questions or concerns, please contact the INSIGHT Support Team.
INSIGHT Support Team
It is unlikely that today's systems are vulnerable to the old "EtherLeak". The probable reason that scanners report this vulnerability today is that they receive a shorter packet than the system actually sent. This way they are looking at data following after the actual padding which changes from frame to frame and are misled.
Additional information directly from Intel:
This should not impact any current Intel drivers and the initial exposure back in 2003 was limited to specific versions of NDIS & ODI. We addressed the issue in the NDIS / ODI driver and the other standard Intel NIC drivers were not impacted. Intel specific NICs have been addressed.