CVE-2009-4537

Date: (C)2010-01-12   (M)2017-09-22
 
CVSS Score: 7.8
Exploitability Subscore: 10.0
Impact Subscore: 6.9
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

Reference:
SECTRACK-1023419
BID-37521
SECUNIA-38031
SECUNIA-38610
SECUNIA-39742
SECUNIA-39830
SECUNIA-40645
ADV-2010-1857
DSA-2053
FEDORA-2010-1787
RHSA-2010:0019
RHSA-2010:0020
RHSA-2010:0041
RHSA-2010:0053
RHSA-2010:0095
RHSA-2010:0111
SUSE-SA:2010:023
SUSE-SA:2010:031
http://marc.info/?l=linux-netdev&m=126202972828626&w=2
http://www.openwall.com/lists/oss-security/2009/12/28/1
http://www.openwall.com/lists/oss-security/2009/12/29/2
http://www.openwall.com/lists/oss-security/2009/12/31/1
http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
http://marc.info/?t=126202986900002&r=1&w=2
http://twitter.com/dakami/statuses/7104238406
https://bugzilla.redhat.com/show_bug.cgi?id=550907
kernel-r8169-dos(55647)

CPE    98
cpe:/o:linux:linux_kernel:2.6.20.19
cpe:/o:linux:linux_kernel:2.6.23.9
cpe:/o:linux:linux_kernel:2.6.20.16
cpe:/o:linux:linux_kernel:2.6.20.17
...
CWE    1
CWE-20
OVAL    27
oval:org.secpod.oval:def:201798
oval:org.secpod.oval:def:500473
oval:org.secpod.oval:def:400044
oval:org.secpod.oval:def:201750
...

© 2013 SecPod Technologies