Security researchers at the firm @stake say they've found a flaw in how network device drivers send information that could create an "information leakage vulnerability" that may let hackers collect sensitive information sent from vulnerable devices. If successful, @stake says, hackers . . .
Security researchers at the firm @stake say they've found a flaw in how network device drivers send information that could create an "information leakage vulnerability" that may let hackers collect sensitive information sent from vulnerable devices. If successful, @stake says, hackers potentially could view "slices of previously transmitted packets or portions of kernel memory" over certain networks.

The CERT Coordination Center has posted a long list (http://www.kb.cert.org/vuls/id/412115) of network vendors' products that could be vulnerable to the flaw. However, as of now, the majority of vendors haven't disclosed whether their device drivers are at risk. So far, Cisco Systems, F5 Networks, Hitachi, Microsoft, and NEC have reported that they're not vulnerable. According to @stake's advisory, the software and hardware vendors were notified of the potential flaw in June 2002. According to CERT, no statement concerning this vulnerability is yet available from more than 40 of the vendors notified more than six months ago.

The link for this article located at CommWeb is no longer available.