CVE-2005-3180
Description
The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: <=2.6.13
Patches
Vulnerability mechanics
Root cause
"The Orinoco driver pads Ethernet frames with uninitialized memory, leaking sensitive kernel data in transmitted packets."
Attack vector
An attacker sends ARP requests (e.g., using `arping(8)`) to a target system running a vulnerable Orinoco driver. The driver pads the Ethernet frame with uninitialized memory, causing the ARP reply to contain fragments of kernel memory that may include sensitive information such as file names or shell output. The attack is remote, requires no authentication, and has low complexity [ref_id=1][ref_id=2].
Affected code
The vulnerability resides in the Orinoco wireless driver (`orinoco.c`) in the Linux kernel up to version 2.6.13. When Ethernet frames are padded with uninitialized data, sensitive kernel memory contents are leaked into transmitted packets [ref_id=1][ref_id=2].
What the fix does
The patch, incorporated into Linux 2.6.13.4, ensures that memory used for padding Ethernet frames is properly cleared (zeroed) before transmission. By initializing the padding area, the driver no longer leaks stale kernel memory contents in outgoing packets, closing the information disclosure channel [ref_id=1][ref_id=2].
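The difference between the flawed and corrected padding behaviour can be shown in a small userspace model. This is an added example, not code from `orinoco.c` or from the kernel patch; the buffer, the function names and the sample data are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_FRAME 60   /* minimum Ethernet frame without FCS (ETH_ZLEN in Linux) */
#define ARP_FRAME 42   /* 14-byte Ethernet header + 28-byte ARP payload */
#define BUF_SIZE  1514

/* Model of a transmit buffer that is reused from one packet to the next. */
static uint8_t tx_buf[BUF_SIZE];

/* Flawed pattern: the length grows to the minimum, the new bytes keep old contents. */
size_t pad_unsafe(const uint8_t *frame, size_t len)
{
    if (len > BUF_SIZE) return 0;
    memcpy(tx_buf, frame, len);
    return len < MIN_FRAME ? MIN_FRAME : len;
}

/* Corrected pattern: zero the bytes between the real data and the padded length. */
size_t pad_zeroed(const uint8_t *frame, size_t len)
{
    if (len > BUF_SIZE) return 0;
    memcpy(tx_buf, frame, len);
    if (len < MIN_FRAME) {
        memset(tx_buf + len, 0, MIN_FRAME - len);
        len = MIN_FRAME;
    }
    return len;
}

/* Send a constructed 42-byte reply after a larger constructed packet has used the
 * buffer, then count padding bytes that still hold the earlier packet's data. */
size_t leaked_bytes(int use_fix)
{
    uint8_t reply[ARP_FRAME] = {0};
    size_t sent, i, stale = 0;

    memset(tx_buf, 'S', 200);  /* constructed earlier packet contents */
    sent = use_fix ? pad_zeroed(reply, sizeof reply) : pad_unsafe(reply, sizeof reply);
    for (i = sizeof reply; i < sent; i++)
        stale += (tx_buf[i] != 0);
    return stale;
}

int main(void)
{
    printf("unsafe: %zu stale bytes, zeroed: %zu stale bytes\n",
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

In a packet capture, the same check applies: the bytes after the 42-byte ARP data in a padded frame should all be zero.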
Preconditions
- config: Target must be running a Linux kernel with the vulnerable Orinoco driver (up to 2.6.13).
- network: Attacker must be able to send ARP requests to the target over the wireless network.
Generated on Jun 16, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- marc.info (nvd)
- secunia.com/advisories/17114 (nvd)
- secunia.com/advisories/17280 (nvd)
- secunia.com/advisories/17364 (nvd)
- secunia.com/advisories/17826 (nvd)
- secunia.com/advisories/17917 (nvd)
- secunia.com/advisories/17918 (nvd)
- secunia.com/advisories/18562 (nvd)
- secunia.com/advisories/18684 (nvd)
- secunia.com/advisories/19374 (nvd)
- securityreason.com/securityalert/75 (nvd)
- www.debian.org/security/2006/dsa-1017 (nvd)
- www.kernel.org/hg/linux-2.6/ (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.redhat.com/support/errata/RHSA-2005-808.html (nvd)
- www.redhat.com/support/errata/RHSA-2006-0140.html (nvd)
- www.redhat.com/support/errata/RHSA-2006-0190.html (nvd)
- www.redhat.com/support/errata/RHSA-2006-0191.html (nvd)
- www.securityfocus.com/advisories/9549 (nvd)
- www.securityfocus.com/advisories/9806 (nvd)
- www.securityfocus.com/archive/1/419522/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/427980/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/428028/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/428058/100/0/threaded (nvd)
- www.securityfocus.com/bid/15085 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11332 (nvd)
- usn.ubuntu.com/219-1/ (nvd)