Note: This is an archival copy of Security Sun Alert 201477 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001104.1. |
Category Security Release Phase Resolved Solaris 9 Operating System Solaris 2.6 Operating System Solaris 7 Operating System Solaris 8 Operating System Bug Id 4105008 Date of Resolved Release 02-OCT-2003 Impact The Sun Am7990 ("LANCE") Ethernet driver (le(7D)) may reuse old frame buffer data to pad packets resulting in an information leakage vulnerability that may allow a remote privileged user to harvest sensitive information from network traffic. This issue is described in CERT Vulnerability VU#412115 (see http://www.kb.cert.org/vuls/id/412115 and http://www.kb.cert.org/vuls/id/JPLA-5BGNYP). Contributing Factors This issue can occur in the following releases: SPARC Platform
Note: The Am7990 ("LANCE") Ethernet driver le(7D) is for SPARC platforms only, thus x86 platforms are not affected. This issue only occurs on SPARC systems that utilize the Am7990 ("LANCE") Ethernet driver (le(7D)). To determine if the Am7990 Ethernet driver is installed on your system, run the following command: $ ifconfig -a le0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1 inet 127.0.0.0 netmask ff000000 Any reference to "le0" would indicate an open Lance Ethernet (le) interface. Symptoms There are no predictable symptoms that would show the described issue has been exploited. Workaround There is no workaround for this issue. Please see "Resolution" section below. Resolution This issue is addressed in the following releases: SPARC Platform
Modification History References115172-01112609-02 112604-02 105181-35 Attachments This solution has no attachment |
|