CVE-2009-4537

high

Description

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

References

https://rhn.redhat.com/errata/RHSA-2010-0095.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443

https://exchange.xforce.ibmcloud.com/vulnerabilities/55647

https://bugzilla.redhat.com/show_bug.cgi?id=550907

http://www.vupen.com/english/advisories/2010/1857

http://www.securityfocus.com/bid/37521

http://www.redhat.com/support/errata/RHSA-2010-0111.html

http://www.redhat.com/support/errata/RHSA-2010-0053.html

http://www.redhat.com/support/errata/RHSA-2010-0041.html

http://www.redhat.com/support/errata/RHSA-2010-0020.html

http://www.redhat.com/support/errata/RHSA-2010-0019.html

http://www.openwall.com/lists/oss-security/2009/12/31/1

http://www.openwall.com/lists/oss-security/2009/12/29/2

http://www.openwall.com/lists/oss-security/2009/12/28/1

http://www.novell.com/linux/security/advisories/2010_23_kernel.html

http://www.debian.org/security/2010/dsa-2053

http://twitter.com/dakami/statuses/7104238406

http://securitytracker.com/id?1023419

http://secunia.com/advisories/40645

http://secunia.com/advisories/39830

http://secunia.com/advisories/39742

http://secunia.com/advisories/38610

http://secunia.com/advisories/38031

http://marc.info/?t=126202986900002&r=1&w=2

http://marc.info/?l=linux-netdev&m=126202972828626&w=2

http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html

http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html

http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/

Details

Source: Mitre, NVD

Published: 2010-01-12

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High