CVE-2009-4537

Description

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

References

http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/

http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html

http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html

http://marc.info/?l=linux-netdev&m=126202972828626&w=2

http://marc.info/?t=126202986900002&r=1&w=2

http://secunia.com/advisories/38031

http://secunia.com/advisories/38610

http://secunia.com/advisories/39742

http://secunia.com/advisories/39830

http://secunia.com/advisories/40645

http://securitytracker.com/id?1023419

http://twitter.com/dakami/statuses/7104238406

http://www.debian.org/security/2010/dsa-2053

http://www.novell.com/linux/security/advisories/2010_23_kernel.html

http://www.openwall.com/lists/oss-security/2009/12/28/1

http://www.openwall.com/lists/oss-security/2009/12/29/2

http://www.openwall.com/lists/oss-security/2009/12/31/1

http://www.redhat.com/support/errata/RHSA-2010-0019.html

http://www.redhat.com/support/errata/RHSA-2010-0020.html

http://www.redhat.com/support/errata/RHSA-2010-0041.html

http://www.redhat.com/support/errata/RHSA-2010-0053.html

http://www.redhat.com/support/errata/RHSA-2010-0111.html

http://www.securityfocus.com/bid/37521

http://www.vupen.com/english/advisories/2010/1857

https://bugzilla.redhat.com/show_bug.cgi?id=550907

https://exchange.xforce.ibmcloud.com/vulnerabilities/55647

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439

https://rhn.redhat.com/errata/RHSA-2010-0095.html

Details

Source: MITRE

Published: 2010-01-12

Updated: 2018-11-16

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH