CVE-2009-4537

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

References

http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/

http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html

http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html

http://marc.info/?l=linux-netdev&m=126202972828626&w=2

http://marc.info/?t=126202986900002&r=1&w=2

http://secunia.com/advisories/38031

http://secunia.com/advisories/38610

http://secunia.com/advisories/39742

http://secunia.com/advisories/39830

http://secunia.com/advisories/40645

http://securitytracker.com/id?1023419

http://twitter.com/dakami/statuses/7104238406

http://www.debian.org/security/2010/dsa-2053

http://www.novell.com/linux/security/advisories/2010_23_kernel.html

http://www.openwall.com/lists/oss-security/2009/12/28/1

http://www.openwall.com/lists/oss-security/2009/12/29/2

http://www.openwall.com/lists/oss-security/2009/12/31/1

http://www.redhat.com/support/errata/RHSA-2010-0019.html

http://www.redhat.com/support/errata/RHSA-2010-0020.html

http://www.redhat.com/support/errata/RHSA-2010-0041.html

http://www.redhat.com/support/errata/RHSA-2010-0053.html

http://www.redhat.com/support/errata/RHSA-2010-0111.html

http://www.securityfocus.com/bid/37521

http://www.vupen.com/english/advisories/2010/1857

https://bugzilla.redhat.com/show_bug.cgi?id=550907

https://exchange.xforce.ibmcloud.com/vulnerabilities/55647

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439

https://rhn.redhat.com/errata/RHSA-2010-0095.html

Details

Source: MITRE

Published: 2010-01-12

Updated: 2018-11-16

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 2.6.32.3 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Tenable Plugins

View all (31 total)

IDNameProductFamilySeverity
89740VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)NessusVMware ESX Local Security Checks
critical
83006F5 Networks BIG-IP : Linux kernel vulnerability (SOL16479)NessusF5 Networks Local Security Checks
high
79507OracleVM 2.2 : kernel (OVMSA-2013-0039)NessusOracleVM Local Security Checks
high
67983Oracle Linux 4 : kernel (ELSA-2010-0020)NessusOracle Linux Local Security Checks
critical
67982Oracle Linux 5 : kernel (ELSA-2010-0019)NessusOracle Linux Local Security Checks
critical
63919RHEL 4 : kernel (RHSA-2010:0111)NessusRed Hat Local Security Checks
critical
63915RHEL 5 : kernel (RHSA-2010:0079)NessusRed Hat Local Security Checks
critical
63913RHEL 5 : kernel (RHSA-2010:0053)NessusRed Hat Local Security Checks
critical
60728Scientific Linux Security Update : kernel on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
high
60717Scientific Linux Security Update : kernel on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60716Scientific Linux Security Update : kernel on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
critical
59149SuSE 10 Security Update : the Linux kernel (x86_64) (ZYPP Patch Number 7063)NessusSuSE Local Security Checks
high
59148SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7015)NessusSuSE Local Security Checks
high
59147SuSE 10 Security Update : kernel-debug (ZYPP Patch Number 6986)NessusSuSE Local Security Checks
high
50922SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 2682 / 2687 / 2689)NessusSuSE Local Security Checks
high
49871SuSE 10 Security Update : Linux kernel (i386) (ZYPP Patch Number 7059)NessusSuSE Local Security Checks
high
49671openSUSE Security Update : kernel (openSUSE-SU-2010:0664-1)NessusSuSE Local Security Checks
critical
48901SuSE9 Security Update : Linux kernel (YOU Patch Number 12636)NessusSuSE Local Security Checks
critical
47774openSUSE Security Update : kernel (openSUSE-SU-2010:0397-1)NessusSuSE Local Security Checks
high
47270Fedora 12 : kernel-2.6.31.12-174.2.19.fc12 (2010-1787)NessusFedora Local Security Checks
critical
47258Fedora 11 : kernel-2.6.30.10-105.2.13.fc11 (2010-1500)NessusFedora Local Security Checks
critical
46811Ubuntu 10.04 LTS : linux regression (USN-947-2)NessusUbuntu Local Security Checks
high
46810Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : linux, linux-source-2.6.15 vulnerabilities (USN-947-1)NessusUbuntu Local Security Checks
high
46765VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updatesNessusVMware ESX Local Security Checks
high
46725Debian DSA-2053-1 : linux-2.6 - privilege escalation/denial of service/information leakNessusDebian Local Security Checks
high
46252SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7011)NessusSuSE Local Security Checks
high
44026CentOS 4 : kernel (CESA-2010:0020)NessusCentOS Local Security Checks
critical
43832CentOS 5 : kernel (CESA-2010:0019)NessusCentOS Local Security Checks
critical
43821RHEL 4 : kernel (RHSA-2010:0020)NessusRed Hat Local Security Checks
critical
43820RHEL 5 : kernel (RHSA-2010:0019)NessusRed Hat Local Security Checks
critical
801481CentOS RHSA-2010-0019 Security CheckLog Correlation EngineGeneric
high