Notified: February 03, 2003 Updated: February 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 10, 2003
Statement Date: January 10, 2003
Not Affected
Mac OS X and Mac OS X Server do not contain the vulnerability described in this advisory.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 03, 2003 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: September 03, 2013
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
This vulnerability is not relevant to secure platform. It is in linux 2.2/2.4. Splat is based on 2.6. See http://rhn.redhat.com/errata/RHSA-2003-103.html.
Check Point SecurePlatform, often referred to as SPLAT, is based off of Red Hat Enterprise Linux.
Notified: June 26, 2002 Updated: March 24, 2003
Statement Date: January 06, 2003
Unknown
Cisco Systems has determined that all of the latest shipping versions of Cisco IOS releases in the 12.1 and 12.2 trains are not vulnerable. Further information regarding this vulnerability and Cisco products may be found in the Security Notices section on Cisco's website.
We are not aware of further vendor information regarding this vulnerability.
For additional information, please contact Cisco Systems directly at
Notified: January 10, 2003 Updated: January 16, 2003
Statement Date: January 10, 2003
Not Affected
Clavister Firewall: Not Vulnerable All versions of Clavister Firewall explicitly fill frame paddings with zeroes above the driver level to avoid this problem. This prevents the firewall itself from becoming a source of information leaks, and also protects hosts that themselves are sources of information leaks. This zero padding is done for all datagram types; IP as well as non-IP protocols like ARP.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: February 03, 2003
Statement Date: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 17, 2003
Statement Date: January 17, 2003
Unknown
The Cray pvp machines and T3e are not vulnerable. SPR 724413 has been opened to investigate the Cray X1.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 25, 2003
Statement Date: June 09, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Debian has published several security advisories to address this vulnerability, each for a different version of Debian GNU/Linux. For further information, please see: Debian Security Advisory DSA 311: linux-kernel-2.4.18 - several vulnerabilities http://www.debian.org/security/2003/dsa-311 Debian Security Advisory DSA 312: kernel-patch-2.4.18-powerpc - several vulnerabilities http://www.debian.org/security/2003/dsa-312 Debian Security Advisory DSA 332: linux-kernel-2.4.17 - several vulnerabilities http://www.debian.org/security/2003/dsa-332 Debian Security Advisory DSA 336: linux-kernel-2.2.20 - several vulnerabilities http://www.debian.org/security/2003/dsa-336
Notified: January 03, 2003 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Statement Date: July 09, 2002
Not Affected
F5 Networks' products are not affected by this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: March 24, 2003
Statement Date: March 18, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Guardian Digital has published EnGarde Secure Linux Security Advisory ESA-20030318-009 to address this vulnerability. For more information, please see http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html
Notified: June 26, 2002 Updated: July 25, 2003
Statement Date: January 06, 2003
Affected
HP-UX - HP has investigated its network device drivers on HP-UX in order to determine the extent to which they are affected by this issue of reusing old frame buffer data to pad packets. The Security Bulletin HPSBUX0306-261 entitled "SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage)" addresses the vulnerability and is available on itrc.hp.com. Using your itrc account, security bulletins can be found here: http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin HP Tru64 UNIX - not vulnerable HP OpenVMS - not vulnerable HP NonStop Servers - not vulnerable
We are not aware of further vendor information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Source: HEWLETT-PACKARD COMPANY
SECURITY BULLETIN: HPSBUX0305-261
Originally issued: 27 May 2003
Last revised: 08 July 2003
SSRT3451 Potential Security Vulnerability in HP-UX network
drivers (Data Leakage) (rev. 01) NOTICE: There are no restrictions for distribution of this
Bulletin provided that it remains complete and intact. The information in the following Security Bulletin should be
acted upon as soon as possible. Hewlett-Packard Company will
not be liable for any consequences to any customer resulting
from customer's failure to fully implement instructions in this
Security Bulletin as soon as possible. PROBLEM: Potential for Ethernet device drivers to reuse packet
data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001 IMPACT: Device drivers may not pad frames with null bytes,
potential leakage of kernel memory. PLATFORM: HP-UX releases B.10.20, B.11.00, and B.11.04. ** REVISED 01 **
SOLUTION: Install appropriate device driver patches: for HP-UX B.11.04 (VVOS): --->> PHNE_29244 B.11.04 (VVOS) EISA 100BT cumulative patch
--->> PHNE_29267 B.11.04 (VVOS) LAN product cumulative patch for HP-UX B.11.00
--->> PHNE_28143 s700_800 LAN product cumulative patch
PHNE_28636 s700_800 EISA 100BT cumulative patch for HP-UX 10.20
PHNE_28635 s700_800 EISA 100BT cumulative patch
PHNE_28536 s800 LAN products cumulative patch
PHNE_28535 s700 LAN products cumulative patch MANUAL ACTIONS: No AVAILABILITY: All patches are available now on
Notified: January 03, 2003 Updated: January 06, 2003
Statement Date: January 06, 2003
Not Affected
We've checked up on our router (Hitachi,Ltd. GR2000 series) about [VU#412115]. Our implementation is NOT vulnerable.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 10, 2003
Statement Date: January 09, 2003
Not Affected
IBM's AIX operating system pads Ethernet packets with null bytes. AIX is not affected by the issues discussed in Vulnerability Note VU#412115.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: April 21, 2003
Statement Date: January 14, 2003
Affected
Intel has done a complete audit of our Ethernet drivers and determined that we have very limited exposure to the reported security hole. Here is a breakdown of our drivers and exposure: Windows: NDIS2 Version 3.2 of our NDIS2 driver resolves the vulnerability NDIS3 No exposure to reported hole NDIS4 No exposure to reported hole NDIS5 No exposure to reported hole NDIS5.1 No exposure to reported hole ANS No exposure to reported hole OS/2: NDIS2 Version 3.2 of our NDIS2 driver resolves the vulnerability Novell: ODI Version 2.13 of our ODI driver resolves the vulnerability C-Spec No exposure to reported hole ANS No exposure to reported hole Linux: e100 No exposure to reported hole e1000 No exposure to reported hole ANS No exposure to reported hole SCO: SCO5.x No exposure to reported hole UW7.x No exposure to reported hole UW8 No exposure to reported hole
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 03, 2003 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 03, 2003 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 03, 2003 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 25, 2003
Statement Date: March 28, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
MandrakeSoft has published multiple Mandrake Linux Security Update Advisories to address this vulnerability. For more information, please see: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:039 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:066 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:074
Notified: January 03, 2003 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 25, 2003
Statement Date: January 04, 2003
Unknown
Microsoft does not ship any Microsoft written drivers that contain the vulnerability. However, we have found some 3rd party drivers and samples in our documentation that, when compiled without alteration, could yield a driver that could contain this issue. We have made corrections to the samples in our documentation and are working with 3rd parties, and have included tests for this issue in our driver certification program.
We are not aware of further vendor information regarding this vulnerability.
NGSSoftware has investigated this vulnerability and determined that several network drivers shipped with Microsoft Windows Server 20003 are affected. For additional information, please see: http://www.nextgenss.com/advisories/etherleak-2003.txt
Notified: January 03, 2003 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 09, 2003 Updated: January 16, 2003
Statement Date: January 09, 2003
Not Affected
National Semiconductor manufactures a number of Ethernet controller chips, both for 100 Mbps and Gigabit Ethernet. Specifically these chips are used by our customers to create Ethernet adapter and LAN on Motherboard (LOM) products. In addition some of the MAC controller cores are integrated into other silicon products National produces. The base product line is as follows: DP83815 100 Mbps Ethernet MAC/PHY DP83816 100 Mbps Ethernet MAC/PHY DP83820 1000 Mbps Ethernet MAC We have evaluated our MAC cores to determine their vulnerability to the issue that your report raised. We have found that our products properly pad short frames with 00's. However we did find that it is possible that from 1 - 7 bytes following the end of actual frame data may contain byte data from that same frame. All bytes following this alignment padding, however, will be 00's. Because the non-zero data comes from the same frame, this does not represent a security problem. Future Ethernet MAC products from National Semiconductor will not duplicate data and will 00 out all padding on short frames.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Statement Date: July 05, 2002
Not Affected
[Server Products] * EWS/UP 48 Series operating system - is NOT vulnerable.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 03, 2003 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 08, 2003
Statement Date: January 07, 2003
Affected
Currently shipping NetApp systems are not vulnerable. If you have the old "Gigabit Ethernet Controller I" on your system, you may be vulnerable and should contact NetApp support.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 03, 2003 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 03, 2003 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 03, 2003 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: March 31, 2003
Statement Date: February 05, 2003
Affected
Red Hat Linux and Red Hat Enterprise Linux shipped with a number of ethernet drivers in the kernel package which are vulnerable to this issue. New kernel packages are available along with our advisory at the URLs below. Users of the Red Hat Network can update their systems using the 'up2date' tool. Red Hat Enterprise Linux http://rhn.redhat.com/errata/RHSA-2003-103.html Red Hat Linux (kernel versions 2.4) http://rhn.redhat.com/errata/RHSA-2003-025.html Red Hat Linux (kernel versions 2.2) http://rhn.redhat.com/errata/RHSA-2003-088.html
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 03, 2003 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 09, 2003
Statement Date: June 02, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title: Some Network Drivers May Leak Data
Number : 20030601-01-A
Date : June 2, 2003
Reference: CERT Vulnerability Note VU#412115
Reference: CVE CAN-2003-0001
Reference: SGI BUG 878043 SGI provides this information freely to the SGI user community for its
consideration, interpretation, implementation and use. SGI recommends that
this information be acted upon as soon as possible. SGI provides the information in this Security Advisory on an "AS-IS" basis
only, and disclaims all warranties with respect thereto, express, implied
or otherwise, including, without limitation, any warranty of merchantability
or fitness for a particular purpose. In no event shall SGI be liable for
any loss of profits, loss of business, loss of data or for any indirect,
special, exemplary, incidental or consequential damages of any kind arising
from your use of, failure to use or improper use of any of the instructions
or information in this Security Advisory. SGI acknowledges the network device driver vulnerability reported by AtStake
and is currently investigating: http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
http://www.kb.cert.org/vuls/id/412115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001 Our initial investigation shows that our egXX and tgXX gigabit cards and
efXX interfaces in Origins and Octanes don't appear to be vulnerable. No further information is available at this time. As further information
becomes available, additional advisories will be issued. For the protection of all our customers, SGI does not disclose, discuss or
confirm vulnerabilities until a full investigation has occurred and any
necessary patch(es) or release streams are available for all vulnerable and
supported Linux and IRIX operating systems. Until SGI has more definitive information to provide, customers are
encouraged to assume all security vulnerabilities as exploitable and take
appropriate steps according to local site security policies and
requirements. As further information becomes available, additional advisories will be
issued via the normal SGI security information distribution methods
including the wiretap mailing list. - - --- SGI Security Information/Contacts --- If there are questions about this document, email can be sent to
security-info@sgi.com. ------oOo------ SGI provides security information and patches for use by the entire SGI
community. This information is freely available to any person needing the
information and is available via anonymous FTP and the Web. The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com. Security advisories and patches are located under the URL
ftp://patches.sgi.com/support/free/security/ The SGI Security Headquarters Web page is accessible at the URL
http://www.sgi.com/support/security/ For issues with the patches on the FTP sites, email can be sent to
security-info@sgi.com. For assistance obtaining or working with security patches, please contact
your SGI support provider. ------oOo------ SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email) all
SGI Security Advisories when they are released. Subscribing to the mailing
list can be done via the Web
(http://www.sgi.com/support/security/wiretap.html) or by sending email to
SGI as outlined below. % mail wiretap-request@sgi.com
subscribe wiretap
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: February 03, 2003
Statement Date: January 27, 2003
Affected
Sun is investigating its network device drivers in order to determine if they are affected by this issue of reusing old frame buffer data to pad packets. A list of interfaces which have completed investigation thus far is as follows: Interface Name Vulnerable? ce(7D) - Cassini Gigabit-Ethernet No dmfe(7D) - Davicom Fast Ethernet No elxl(7D) - 3Com EtherLink XL/Server Yes eri(7D) - eri Fast-Ethernet No ge(7D) - GEM Gigabit-Ethernet No iprb(7D) - Intel 82557, 82558, No 82559-controlled Ethernet le(7D) - Am7990 (LANCE) Ethernet Yes pcelx(7D) - 3COM EtherLink III PCMCIA Ethernet No qfe(7D) - Quad Fast-Ethernet No Additional interfaces are under investigation. A complete listing along with patch details for affected interfaces will be provided in a Sun Alert to be published soon.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: April 04, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: April 04, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 13, 2003 Updated: January 14, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 03, 2003 Updated: January 03, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 09, 2003
Statement Date: December 10, 2002
Affected
A response to this vulnerability is available from our web site: http://www.xerox.com/security.
We are not aware of further vendor information regarding this vulnerability.
For direct access to the Xerox Corporation response, please visit: http://a1851.g.akamaitech.net/f/1851/2996/24h/cache.xerox.com/downloads/usa/en/c/CERT_VU412115.pdf
Notified: January 13, 2003 Updated: July 24, 2003
Statement Date: February 20, 2003
Not Affected
ZyXEL devices with ZyNOS V2.50 to V3.60 are not vulnerable to this advisory #412115.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.