CVE

CVE-2009-4537
Date: (C)2010-01-12   (M)2018-06-11


drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.8
Exploit Score: 10.0
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECTRACK-1023419
BID-37521
SECUNIA-38031
SECUNIA-38610
SECUNIA-39742
SECUNIA-39830
SECUNIA-40645
ADV-2010-1857
DSA-2053
FEDORA-2010-1787
RHSA-2010:0019
RHSA-2010:0020
RHSA-2010:0041
RHSA-2010:0053
RHSA-2010:0095
RHSA-2010:0111
SUSE-SA:2010:023
SUSE-SA:2010:031
http://marc.info/?l=linux-netdev&m=126202972828626&w=2
http://www.openwall.com/lists/oss-security/2009/12/28/1
http://www.openwall.com/lists/oss-security/2009/12/29/2
http://www.openwall.com/lists/oss-security/2009/12/31/1
http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
http://marc.info/?t=126202986900002&r=1&w=2
http://twitter.com/dakami/statuses/7104238406
https://bugzilla.redhat.com/show_bug.cgi?id=550907
kernel-r8169-dos(55647)

CPE    98
cpe:/o:linux:linux_kernel:2.6.18
cpe:/o:linux:linux_kernel:2.6.20.19
cpe:/o:linux:linux_kernel:2.6.23.9
cpe:/o:linux:linux_kernel:2.6.20.16
...
CWE    1
CWE-20
OVAL    27
oval:org.secpod.oval:def:700160
oval:org.secpod.oval:def:700028
oval:org.secpod.oval:def:1500321
oval:org.secpod.oval:def:101114
...

© SecPod Technologies