Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flaw Found iIn Ethernet Device Drivers

Posted by Hemos on from the yay-for-security-bugs dept.

Licensed2Hack writes "Security researchers have discovered a serious vulnerability that may be present in many Ethernet device drivers that is causing the devices to broadcast sensitive information over networks. Seems the device driver writers couldn't be bothered with a memset() call. Eweek has their typical (puffy, low on tech details) take on it here. Since they don't specify the OS, I'm assuming these are drivers for Windows." It's actually Linux, *BSD, and Windows.

5 of 390 comments (clear)

  1. well by REBloomfield · · Score: 5, Interesting
    lets hope this isn't globally exploitable, as I can't imagine every manufacturer of every card is going to fix this....

    One wonders whether it would be possible to build a fix into the operating system, or would that be too great an abstraction?

  2. I can read! by 1010011010 · · Score: 5, Interesting

    "This information leakage vulnerability is trivial to exploit and has potentially devastating consequences. Several different variants of this implementation flaw result in this vulnerability," the @stake researchers wrote in their paper on the flaw, released Monday. "The Linux, NetBSD and Microsoft Windows operating systems are known to have vulnerable link layer implementations, and it is extremely likely that other operating systems are also affected."

    The most likely exploitation of the vulnerability would be for an attacker to send ICMP (Internet Control Messaging Protocol) echo requests to a vulnerable machine. The machine would then send back replies containing portions of the device's memory. In tests, the researchers found that most often the pad data sent in error contains portions of network traffic that the vulnerable device is handling.
    ... how much? The pad of older data in a 46 byte header can't contain a lot of data.
    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
    1. Re:I can read! by thogard · · Score: 5, Interesting

      I can sniff most low end cicso switches....
      The 2924xl and 2950 allow you to block any mac address except broadcast addresses. So if you you flood the network with packets with one broadcast address and one real mac address you overflow its table it goes into a nice bridge mode. With a decent box it takes nearly two whole minutes to crack a single vendors mac codes.

      As long as US compaines keep selling out to the short term stock price and sending critical stuff off 1/2 way around the world to be designed by people with no clue about real security, their products are going to be crap and full of holes. At one point I could trust Cisco and Sun but now they are almost at the level of most beige box builders but with them I know who I can go visit to get my money back.

      All the new gear I've been buying is Kiwi designed stuff made by ATI. After a decade of dealing with cisco, I can't recomend any of their newer gear. the Current cisco mac address overflow was fixed by real engineers back in 1993. I'm not sure what kind of idiots they get to write their current code since bug history means nothing to them.

      Why don't I put this on bugtraq and get it fixed? Its simple, The idiots that put the bug together have good jobs and the good people that know this stuff don't because of cost cutting.

  3. Slashdotted your credibility-and everyone sees it by somethingwicked · · Score: 5, Interesting
    "Since they don't specify the OS, I'm assuming these are drivers for Windows."

    Funny, I am careful about checking my facts, and I am assuming that only 5 people will read my post. I would hope I would put a LITTLE more effort into my fact checking tho if I thought it was going to get 1,000,000 hits.

    Since the poster and the editors don't check their facts, I am assuming they don't.

    Slashdot is the first site I hit for tech info. And typically, while exagerrated, the attacks on MS have basis at least.

    But an ASSUMPTION like above about "Well, there's a problem, it must be Windows!" just makes my ears perk up immediately and want to check the facts. Why doesn't it for the Slashdot editors?

    WHY would you assume that? Just from the blurb the poster included it immediately seems the kind of oversight that would have the POTENTIAL at least to affect multiple systems.

    And yes, I realize that Windows drivers written by third-parties have been targetted, I find it amazingly amusing the native Windows drivers have been determined not to have this issue

    --

    ---"What did I say that sounded like 'Tell me about your day?'"---

  4. noticed this 6 years ago by martin · · Score: 5, Interesting

    The firm I was workign for at the time noticed this 6 years ago on AIX.

    We informed CERT/IBM - nothing happened.

    NOW it it makes all the headlines.

    what impact does it have - none, unless the stuff in the PADing area contains the unencrypted data that was originally send encryped. Or am I missing something like I normally do?