1 - 15 August, 2003

Strategies & Consulting (IT)
IT Solutions & Applications
Communication Technologies
Internet & Mobile Internet

Exchange rates
March 10, 2008
1 EUR = 3 ROL
1 USD = 2 ROL
1 GBP = 4 ROL

Date, grafice si
informatii la zi despre toate actiunile cotate la

Bursa de Valori Bucuresti
Introduceti simbolul unei societati cotate
Serviciu gratuit asigurat de www.kmarket.ro

Date, grafice si valoarea titlului pentru
fondurile mutuale

inscrise in UNOPC

Serviciu gratuit asigurat de

Ethernet security leak discovered

According to the Internet media, the researchers from @stake have discovered a vulnerability that has been slowly bleeding sensitive data across networks for more than a decade.

The report from @stake, "EtherLeak: Ethernet frame padding information leakage," indicates that the threat derives from the fact that some Ethernet device drivers have been padding small Ethernet packets with previously transmitted and other sensitive data rather than the nulls called for in the Ethernet standard.

Ethernet packets can be from 46 to 1,500 bytes in size. But some high-level protocols call for shorter packets, and the IEEE 802.3 (Ethernet) standard says these should be padded with nulls to meet the minimum size requirements.

The recent discovery by @stake researchers is that some network interface card device drivers don't generate nulls; instead, they use old pieces of data as filler without any regard to what information is contained in them. In various installations, the "fill" information can come from dynamic kernel memory, from static system memory dedicated to the device driver, or from RAM on the network interface card itself. The source of the data determines what sort of risk is posed.

The researchers suggest that the easiest way to exploit this vulnerability is to send ICMP echo commands to a machine running a vulnerable driver, which will then return bits of kernel memory data to pad the reply. These, in turn, can be searched for valuable information using a packet sniffer.

CERT warned, "This vulnerability may also affect link layer networking protocols other than Ethernet," but it didn't list any examples in the Vulnerability Note.

[ Editorial ] | [ Cover Story ] | [ e-Business ] | [ e-Technology ] | [ Education & HR ] | [ Events ] | [ e-Shore Magazine ]