Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Login to participate.

Go Back   TechSpot OpenBoards > TS Community > News & Interesting links > Old Frontpage News & Comments

Critical Security Flaw in Many Ethernet Device Drivers

 
Bookmark / Share this page
Thread Tools
  #1  
Old 01-06-2003
Phantasm66's Avatar
TechSpot Evangelist
 
Location: Glasgow, Scotland
Member since: Feb 2002, 6,602 posts
Critical Security Flaw in Many Ethernet Device Drivers

If one follows the Ethernet Standard correctly, each packet transmitted on an Ethernet network should be a minimum of 46 bytes. Some higher level protocols, however, often require that smaller packets be sent. In this instance, devices are supposed to fill the remaining area with null data (i.e. randomly generated gibberish). However, there seems to be evidence that many Ethernet device drivers do not pad the packets with true null data, and in fact pad it with real data from previous packets!!! Aaaaaaaaaaaaaaaaaaaaah! BAD NEWS!

The investigations were conducted by researchers at @stake Inc., in Cambridge, Mass., and the CERT Coordination Center has posted on its Web site a list of vendors whose products may be affected by this vulnerability. That is available here.

Full story here.
 
Thread Tools

Forum Jump

Similar Topics
Thread Thread Starter Forum Replies Last Post
WinZip has security flaw fix Phantasm66 Old Frontpage News & Comments 0 09-07-2004 03:49 PM
Security flaw found in Mozilla browsers Julio Old Frontpage News & Comments 9 07-09-2004 04:34 PM
Microsoft haunted by old IE security flaw Phantasm66 Old Frontpage News & Comments 0 06-30-2004 02:31 PM
Microsoft reveals DirectX 'critical' flaw Julio Old Frontpage News & Comments 5 07-25-2003 09:17 PM
Microsoft Ups IE Flaw to 'Critical' Phantasm66 Old Frontpage News & Comments 0 12-09-2002 10:52 AM


All times are GMT -4. The time now is 07:23 PM.