Nessus reports an "etherleak", risk factor - serious, CVE: CAN-2003-0001 BID:6535 see http://www.atstake.com/research/advisories/2003/a010603-1.txt for details. I am running an up-to-date system as of 7-16-03 using a Realtek RTL-8139 network card and the 8139too driver compiled into the kernel rather than as a module. Kernel is 2.4.20-gentoo-r5. This test was run on my local LAN. Although this is not a risk from the outside, those companies running such cards in their workstations/servers can be at risk from within. Chuck support@pathworx.com
Cleaning up older bugs... this one somehow got overlooked. I'm assuming that this vuln., being over a year old, has now been fixed, but I can't find any confirmation. Kernel team, can you confirm? Some relevant links: http://www.atstake.com/research/advisories/2003/a010603-1.txt http://www.kb.cert.org/vuls/id/412115 http://www.redhat.com/support/errata/RHSA-2003-025.html
The only patch to 8139too.c that I could find in the Red Hat kernel was present in vanilla-sources-2.4.25. Would be nice to get confirmation from jgarzik@pobox.com though.
Chuck -- we don't have an easy way to test if this is fixed in newer versions of the kernel. Since it sounds like you tested this a while back, can you test again using 2.4.25 vanilla to tell us if the issue is resolved? Thanks.
Re comment #2 (confirmation email)
---------------------------------------------------------------------
For hardware that does not auto-pad (like 8139), you can grep any net driver for skb_padto() or ETH_ZLEN to determine if such bugs have been fixed. Of course, in order to determine if hardware supports auto-pad, one must test or consult the docs (well, docs can be wrong... might as well just test).

Jeff
---------------------------------------------------------------------
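The grep check described in the comment above, as an added example that is not part of the original bug thread or of any kernel tooling: it sorts driver sources by whether they call skb_padto(), only mention ETH_ZLEN, or contain neither marker. The function names, the three status labels and the sample snippets (including the hypothetical hw_send helper) are assumptions made for illustration, and the sample files are constructed, not real driver code.

```shell
#!/bin/sh
# Added example: triage driver sources using the two markers from the comment above.
# A hit is a lead for manual review, not proof that short frames are padded safely.

# classify_driver FILE -> prints padto | zlen-only | no-marker
classify_driver() {
    # Drop // comments and single-line /* */ comments (simplification: multi-line
    # comments are not handled) so a marker named only in a comment is not counted.
    code=$(sed -e 's:/\*[^*]*\*/::g' -e 's://.*$::' "$1") || return 2
    if printf '%s\n' "$code" | grep -Eq 'skb_padto[[:space:]]*\('; then
        echo padto
    elif printf '%s\n' "$code" | grep -q 'ETH_ZLEN'; then
        echo zlen-only
    else
        echo no-marker
    fi
}

# audit_drivers DIR -> one "status<TAB>path" line per .c file, sorted by path
audit_drivers() {
    find "$1" -type f -name '*.c' | sort | while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify_driver "$f")" "$f"
    done
}

# make_samples DIR -> writes three constructed snippets (not real kernel code)
make_samples() {
    cat > "$1/padded.c" <<'EOF'
if (skb->len < ETH_ZLEN)
    skb = skb_padto(skb, ETH_ZLEN);
EOF
    cat > "$1/lenonly.c" <<'EOF'
len = skb->len < ETH_ZLEN ? ETH_ZLEN : skb->len; /* length raised only */
EOF
    cat > "$1/nomarker.c" <<'EOF'
/* TODO: call skb_padto() for short frames */
hw_send(skb->data, skb->len); /* hw_send is a hypothetical helper */
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_drivers "$tmp"
rm -rf "$tmp"
```

Files reported as zlen-only or no-marker are the ones to read by hand or test on the wire, since, as the comment says, whether the hardware auto-pads cannot be settled from the source alone.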
Lowering Severity and changing resolution to UPSTREAM. Gentoo has no way of performing these tests and nobody is stepping up and saying (Yo Hi I have a Realtek 8139 and I tested it with kernel-x.x.x and it's vuln/not vuln) and this bug has been in an open state for way too long. If anybody disagrees with this then please open the bug and perform some tests.