[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96125

 
 

909

 
 

78020

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-4536

Date: (C)2010-01-12   (M)2017-09-22
 
CVSS Score: 7.8Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 6.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: COMPLETE











drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.

Reference:
SECTRACK-1023420
SECUNIA-35265
BID-37519
SECUNIA-38031
SECUNIA-38276
SECUNIA-38296
SECUNIA-38492
SECUNIA-38610
SECUNIA-38779
DSA-1996
DSA-2005
FEDORA-2010-1787
IAVM:2011-A-0075
RHSA-2010:0019
RHSA-2010:0020
RHSA-2010:0041
RHSA-2010:0053
RHSA-2010:0095
RHSA-2010:0111
RHSA-2010:0882
SUSE-SA:2010:005
SUSE-SA:2010:007
SUSE-SA:2010:010
SUSE-SA:2010:012
SUSE-SA:2010:013
SUSE-SA:2010:014
http://www.openwall.com/lists/oss-security/2009/12/28/1
http://www.openwall.com/lists/oss-security/2009/12/29/2
http://www.openwall.com/lists/oss-security/2009/12/31/1
http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
http://marc.info/?t=126203102000001&r=1&w=2
http://www.vmware.com/security/advisories/VMSA-2011-0009.html
https://bugzilla.redhat.com/show_bug.cgi?id=552126
kernel-e1000main-security-bypass(55648)

CPE    98
cpe:/o:linux:linux_kernel:2.6.20.19
cpe:/o:linux:linux_kernel:2.6.23.9
cpe:/o:linux:linux_kernel:2.6.20.16
cpe:/o:linux:linux_kernel:2.6.20.17
...
CWE    1
CWE-189
OVAL    19
oval:org.secpod.oval:def:400044
oval:org.secpod.oval:def:500432
oval:org.secpod.oval:def:200134
oval:org.secpod.oval:def:200186
...

© 2013 SecPod Technologies