CVE-2009-4537

12.01.2010, 17:30

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Vendor	Product	Version
linux	linux_kernel	𝑥 ≤ 2.6.32.3
debian	debian_linux	5.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

linux

lucid	Fixed 2.6.32-22.35 released
karmic	Fixed 2.6.31-22.60 released
jaunty	Fixed 2.6.28-19.61 released
intrepid	ignored
hardy	Fixed 2.6.24-28.70 released
dapper	dne

linux-source-2.6.15

lucid	dne
karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
dapper	Fixed 2.6.15-55.84 released

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/

http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html

http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html

http://marc.info/?l=linux-netdev&m=126202972828626&w=2

http://marc.info/?t=126202986900002&r=1&w=2

http://secunia.com/advisories/38031

http://secunia.com/advisories/38610

http://secunia.com/advisories/39742

http://secunia.com/advisories/39830

http://secunia.com/advisories/40645

http://securitytracker.com/id?1023419

http://twitter.com/dakami/statuses/7104238406

http://www.debian.org/security/2010/dsa-2053

http://www.novell.com/linux/security/advisories/2010_23_kernel.html

http://www.openwall.com/lists/oss-security/2009/12/28/1

http://www.openwall.com/lists/oss-security/2009/12/29/2

http://www.openwall.com/lists/oss-security/2009/12/31/1

http://www.redhat.com/support/errata/RHSA-2010-0019.html

http://www.redhat.com/support/errata/RHSA-2010-0020.html

http://www.redhat.com/support/errata/RHSA-2010-0041.html

http://www.redhat.com/support/errata/RHSA-2010-0053.html

http://www.redhat.com/support/errata/RHSA-2010-0111.html

http://www.securityfocus.com/bid/37521

http://www.vupen.com/english/advisories/2010/1857

https://bugzilla.redhat.com/show_bug.cgi?id=550907

https://exchange.xforce.ibmcloud.com/vulnerabilities/55647

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439

https://rhn.redhat.com/errata/RHSA-2010-0095.html

http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/

http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html

http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html

http://marc.info/?l=linux-netdev&m=126202972828626&w=2

http://marc.info/?t=126202986900002&r=1&w=2

http://secunia.com/advisories/38031

http://secunia.com/advisories/38610

http://secunia.com/advisories/39742

http://secunia.com/advisories/39830

http://secunia.com/advisories/40645

http://securitytracker.com/id?1023419

http://twitter.com/dakami/statuses/7104238406

http://www.debian.org/security/2010/dsa-2053

http://www.novell.com/linux/security/advisories/2010_23_kernel.html

http://www.openwall.com/lists/oss-security/2009/12/28/1

http://www.openwall.com/lists/oss-security/2009/12/29/2

http://www.openwall.com/lists/oss-security/2009/12/31/1

http://www.redhat.com/support/errata/RHSA-2010-0019.html

http://www.redhat.com/support/errata/RHSA-2010-0020.html

http://www.redhat.com/support/errata/RHSA-2010-0041.html

http://www.redhat.com/support/errata/RHSA-2010-0053.html

http://www.redhat.com/support/errata/RHSA-2010-0111.html

http://www.securityfocus.com/bid/37521

http://www.vupen.com/english/advisories/2010/1857

https://bugzilla.redhat.com/show_bug.cgi?id=550907

https://exchange.xforce.ibmcloud.com/vulnerabilities/55647

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439

https://rhn.redhat.com/errata/RHSA-2010-0095.html