Subject: Re: Ethernet vulnerabilty [CERT vulnerability note VU#412115]
To: None <tech-kern@netbsd.org>
From: Christos Zoulas <christos@zoulas.com>
List: tech-kern
Date: 01/09/2003 18:39:34
In article <Pine.NEB.4.44.0301091019210.4462-100000@haiku.jarai.net>,
Brian Chase <vaxzilla@jarai.org> wrote:
>The CERT site lists the status of NetBSD's drivers with respect to this
>vulnerablity as "unknown". Does anyone know whether our ethernet
>drivers suffer from the the listed vulnerability?
>
> http://www.kb.cert.org/vuls/id/412115
>
>The above url details the problem.
For most modern chips this is a non-issue because they do automatic
padding (now what they pad with, god knows; I hope it is zeros)...
For the most popular vintage chips (eg. lance) we pad zeros manually.
There are others that might be broken (3c501).
christos