J-Security Center

Title: Microsoft Windows FIN-ACK Network Device Driver Frame Padding Information Disclosure Vulnerability

Severity: MODERATE

Description:

Network device drivers for Microsoft Windows Server 2003 have been reported to disclose potentially sensitive information to attackers.

Ethernet imposes a minimum frame size (60 bytes before the frame check sequence, i.e. a 46-byte payload). When the data to be sent is shorter than this, the driver must pad the unused portion of the frame buffer with null (or other fixed) bytes before transmission. Some device drivers do not do this adequately, leaving intact whatever data was stored in that buffer memory before it was reused. That stale data is then transmitted as the trailing bytes of the frame on the Ethernet segment. Because the frame buffer is allocated in kernel memory, the leaked bytes may contain sensitive data.

An attacker can exploit this vulnerability by sending a small TCP packet, with the FIN and ACK flags set, to a vulnerable machine. The reply (a RST segment, which carries no payload) is shorter than the minimum frame size, so the driver pads it, and the padding may consist of sensitive data from kernel memory. Because the padding is a link-layer artifact that is discarded and regenerated whenever a router re-encapsulates the packet, the attacker must be able to capture raw frames on a segment the reply actually traverses. An attacker may use the information obtained in this manner to launch other attacks against a vulnerable system.
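The following is an added example, not code from the original advisory or from Juniper, showing the check a practitioner would run on captured frames: locate the end of the IPv4 datagram from the IP total-length field, and treat everything after it up to the frame end as the driver's pad bytes, flagging any that are non-zero. The two 60-byte RST/ACK frames are constructed inline (the MAC addresses, IP addresses, ports and the "PASS s3cret" stale-buffer content are invented for illustration); the second frame models a leaky driver by padding with stale buffer bytes instead of zeros.

```python
import struct

ETH_HDR_LEN = 14
MIN_FRAME_LEN = 60          # minimum Ethernet frame size excluding the 4-byte FCS
ETHERTYPE_IPV4 = 0x0800
TCP_RST_ACK = 0x14


def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (checksum field zeroed)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int) -> bytes:
    """Build a 40-byte IPv4+TCP datagram with no payload, e.g. the RST/ACK a host
    sends back to an unsolicited FIN/ACK. The TCP checksum is left zero; only the
    IP total-length field matters for locating the trailer."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 0, 0, 0)
    total_len = 20 + len(tcp)
    src = bytes(map(int, src_ip.split(".")))
    dst = bytes(map(int, dst_ip.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ip + tcp


def build_frame(datagram: bytes, pad_source: bytes) -> bytes:
    """Wrap a datagram in an Ethernet header and pad it to MIN_FRAME_LEN.
    A correct driver pads with zeros; a leaky driver pads with whatever the
    stale buffer memory (modelled here by pad_source) happens to contain."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"  # invented MACs
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    frame = eth + datagram
    pad_len = max(0, MIN_FRAME_LEN - len(frame))
    return frame + pad_source[:pad_len].ljust(pad_len, b"\x00")


def extract_trailer(frame: bytes):
    """Return the bytes after the IPv4 datagram (the driver's pad bytes),
    or None if the frame is not IPv4 or is truncated."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    total_len = struct.unpack("!H", frame[ETH_HDR_LEN + 2:ETH_HDR_LEN + 4])[0]
    end = ETH_HDR_LEN + total_len
    if end > len(frame):
        return None
    return frame[end:]


def check_padding(frame: bytes):
    """Classify one frame: {'trailer': bytes, 'leaked': bool}, or None if not checkable.
    Non-zero pad bytes are the signature of this class of driver bug."""
    trailer = extract_trailer(frame)
    if trailer is None:
        return None
    return {"trailer": trailer, "leaked": any(b != 0 for b in trailer)}


# Constructed sample frames (addresses and contents are invented for illustration).
DATAGRAM = build_ipv4_tcp("192.0.2.10", "192.0.2.20", 110, 40000, TCP_RST_ACK)
CLEAN_FRAME = build_frame(DATAGRAM, b"")                  # correct driver: zero padding
LEAKY_FRAME = build_frame(DATAGRAM, b"PASS s3cret\r\n")   # leaky driver: stale POP3 traffic

if __name__ == "__main__":
    for name, frame in (("clean", CLEAN_FRAME), ("leaky", LEAKY_FRAME)):
        result = check_padding(frame)
        print(f"{name}: {len(frame)}-byte frame, trailer={result['trailer']!r}, "
              f"leaked={result['leaked']}")
```

To use this against real traffic, feed `check_padding` each raw frame read from a capture (most capture tools strip the FCS, so the trailer is exactly the pad bytes); a stream of non-zero trailers from one host is the indicator to look for, and repeated captures from the same host will show the leaked memory changing over time.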

The following drivers were reported to be vulnerable to this issue:

  • VIA Rhine II compatible network cards (some motherboards have this controller integrated)
  • AMD PCNet family network cards (used by some versions of VMware)

The affected drivers are signed by the vendor and are available on the Windows Server 2003 CD. Both drivers have been reported to disclose sensitive information, such as POP3 passwords, in the frame padding.

This vulnerability is similar to the issue described in BID 6535.

Affected Products:

  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows Server 2003 Datacenter Edition Itanium
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Enterprise Edition Itanium
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Web Edition

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.