CVE-2009-4538

HIGH

Description

drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html

http://secunia.com/advisories/38031

http://secunia.com/advisories/38276

http://secunia.com/advisories/38296

http://secunia.com/advisories/38492

http://secunia.com/advisories/38610

http://secunia.com/advisories/38779

http://securitytracker.com/id?1023420

http://www.debian.org/security/2010/dsa-1996

http://www.debian.org/security/2010/dsa-2005

http://www.mandriva.com/security/advisories?name=MDVSA-2010:066

http://www.openwall.com/lists/oss-security/2009/12/28/1

http://www.openwall.com/lists/oss-security/2009/12/29/2

http://www.openwall.com/lists/oss-security/2009/12/31/1

http://www.redhat.com/support/errata/RHSA-2010-0019.html

http://www.redhat.com/support/errata/RHSA-2010-0020.html

http://www.redhat.com/support/errata/RHSA-2010-0041.html

http://www.redhat.com/support/errata/RHSA-2010-0053.html

http://www.redhat.com/support/errata/RHSA-2010-0111.html

http://www.securityfocus.com/bid/37523

https://bugzilla.redhat.com/show_bug.cgi?id=551214

https://exchange.xforce.ibmcloud.com/vulnerabilities/55645

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7016

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9702

https://rhn.redhat.com/errata/RHSA-2010-0095.html

Details

Source: MITRE

Published: 2010-01-12

Updated: 2018-11-16

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 2.6.32.3 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Tenable Plugins

View all (33 total)

IDNameProductFamilySeverity
89740VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)NessusVMware ESX Local Security Checks
critical
79507OracleVM 2.2 : kernel (OVMSA-2013-0039)NessusOracleVM Local Security Checks
critical
67983Oracle Linux 4 : kernel (ELSA-2010-0020)NessusOracle Linux Local Security Checks
critical
67982Oracle Linux 5 : kernel (ELSA-2010-0019)NessusOracle Linux Local Security Checks
critical
63919RHEL 4 : kernel (RHSA-2010:0111)NessusRed Hat Local Security Checks
critical
63915RHEL 5 : kernel (RHSA-2010:0079)NessusRed Hat Local Security Checks
critical
63913RHEL 5 : kernel (RHSA-2010:0053)NessusRed Hat Local Security Checks
critical
60748Scientific Linux Security Update : kernel on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60717Scientific Linux Security Update : kernel on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60716Scientific Linux Security Update : kernel on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
critical
59145SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6810)NessusSuSE Local Security Checks
critical
59144SuSE 10 Security Update : the debug kernel (ZYPP Patch Number 6778)NessusSuSE Local Security Checks
critical
52685SuSE 11 Security Update : Linux kernel (SAT Patch Number 1753)NessusSuSE Local Security Checks
critical
49869SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 6779)NessusSuSE Local Security Checks
critical
48176Mandriva Linux Security Advisory : kernel (MDVSA-2010:066)NessusMandriva Local Security Checks
critical
47270Fedora 12 : kernel-2.6.31.12-174.2.19.fc12 (2010-1787)NessusFedora Local Security Checks
critical
47258Fedora 11 : kernel-2.6.30.10-105.2.13.fc11 (2010-1500)NessusFedora Local Security Checks
critical
46765VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updatesNessusVMware ESX Local Security Checks
critical
44966SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 2040 / 2043 / 2044)NessusSuSE Local Security Checks
critical
44964openSUSE Security Update : kernel (kernel-2050)NessusSuSE Local Security Checks
critical
44951Debian DSA-2005-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leakNessusDebian Local Security Checks
critical
44860Debian DSA-1996-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leakNessusDebian Local Security Checks
critical
44621openSUSE Security Update : kernel (kernel-1908)NessusSuSE Local Security Checks
critical
44411SuSE 11.2 Security Update: kernel (2010-01-28)NessusSuSE Local Security Checks
critical
44399Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-894-1)NessusUbuntu Local Security Checks
critical
44398SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6806)NessusSuSE Local Security Checks
critical
44037SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1754 / 1760)NessusSuSE Local Security Checks
critical
44034openSUSE Security Update : kernel (kernel-1749)NessusSuSE Local Security Checks
critical
44026CentOS 4 : kernel (CESA-2010:0020)NessusCentOS Local Security Checks
critical
43832CentOS 5 : kernel (CESA-2010:0019)NessusCentOS Local Security Checks
critical
43821RHEL 4 : kernel (RHSA-2010:0020)NessusRed Hat Local Security Checks
critical
43820RHEL 5 : kernel (RHSA-2010:0019)NessusRed Hat Local Security Checks
critical
801481CentOS RHSA-2010-0019 Security CheckLog Correlation EngineGeneric
high