[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87854

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-4536Date: (C)2010-01-12   (M)2018-06-11


drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.8
Exploit Score: 10.0
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECTRACK-1023420
SECUNIA-35265
BID-37519
SECUNIA-38031
SECUNIA-38276
SECUNIA-38296
SECUNIA-38492
SECUNIA-38610
SECUNIA-38779
DSA-1996
DSA-2005
FEDORA-2010-1787
IAVM:2011-A-0075
RHSA-2010:0019
RHSA-2010:0020
RHSA-2010:0041
RHSA-2010:0053
RHSA-2010:0095
RHSA-2010:0111
RHSA-2010:0882
SUSE-SA:2010:005
SUSE-SA:2010:007
SUSE-SA:2010:010
SUSE-SA:2010:012
SUSE-SA:2010:013
SUSE-SA:2010:014
http://www.openwall.com/lists/oss-security/2009/12/28/1
http://www.openwall.com/lists/oss-security/2009/12/29/2
http://www.openwall.com/lists/oss-security/2009/12/31/1
http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
http://marc.info/?t=126203102000001&r=1&w=2
http://www.vmware.com/security/advisories/VMSA-2011-0009.html
https://bugzilla.redhat.com/show_bug.cgi?id=552126
kernel-e1000main-security-bypass(55648)

CPE    98
cpe:/o:linux:linux_kernel:2.6.18
cpe:/o:linux:linux_kernel:2.6.20.19
cpe:/o:linux:linux_kernel:2.6.23.9
cpe:/o:linux:linux_kernel:2.6.20.16
...
CWE    1
CWE-189
OVAL    19
oval:org.secpod.oval:def:700020
oval:org.secpod.oval:def:400044
oval:org.secpod.oval:def:400026
oval:org.secpod.oval:def:100034
...

© SecPod Technologies