CVE-2009-4537

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.
References
Link Resource
http://securitytracker.com/id?1023419 Third Party Advisory VDB Entry
http://www.redhat.com/support/errata/RHSA-2010-0019.html Third Party Advisory
http://secunia.com/advisories/38031 Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/12/29/2 Mailing List Third Party Advisory
http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/ Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/12/31/1 Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=550907 Issue Tracking Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0020.html Third Party Advisory
http://marc.info/?t=126202986900002&r=1&w=2 Mailing List Third Party Advisory
http://marc.info/?l=linux-netdev&m=126202972828626&w=2 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/37521 Third Party Advisory VDB Entry
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/12/28/1 Mailing List Third Party Advisory
http://twitter.com/dakami/statuses/7104238406 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0041.html Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2010-0095.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0111.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0053.html Third Party Advisory
http://secunia.com/advisories/38610 Third Party Advisory
http://www.novell.com/linux/security/advisories/2010_23_kernel.html Third Party Advisory
http://secunia.com/advisories/39742 Third Party Advisory
http://secunia.com/advisories/39830 Third Party Advisory
http://www.debian.org/security/2010/dsa-2053 Third Party Advisory
http://secunia.com/advisories/40645 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1857 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html Mailing List Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/55647 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443 Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Information

Published : 2010-01-12 09:30

Updated : 2018-11-16 07:52


NVD link : CVE-2009-4537

Mitre link : CVE-2009-4537


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

linux

  • linux_kernel