CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2009-4537 – kernel: r8169 issue reported at 26c3
https://notcve.org/view.php?id=CVE-2009-4537
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. drivers/net/r8169.c en el driver r8169 en el kernel de Linux v2.6.32.3 y anteriores no comprueba correctamente el tamaño de una trama Ethernet que excede el tamaño MTU, lo que permite a atacantes remotos (1) producir una denegación de servicio (caída temporal de la red) a través de un paquete con un tamaño manipulado, en unión con ciertos paquetes que contienen caracteres "A" y otros paquetes que contienen caracteres "E"; o (2) producir una denegación de servicio (caída del sistema) a través de un paquete con el tamaño manipulado, junto con algunos paquetes que contienen el carácter '/0', relacionado con el valor del estado de registro y un comportamiento erróneo relacionado con el registro RxMaxSize , NOTA: Esta vulnerabilidad se produjo por un arreglo incorrecto de CVE-20091389. • http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://marc.info/?l=linux-netdev&m=126202972828626&w=2 http://marc.info/?t=126202986900002&r=1&w=2 http://secunia.com/advisories/38031 http://secunia.com/advisories/38610 http://secunia.com/advis • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 0%CPEs: 338EXPL: 0CVE-2009-4138 – kernel: firewire: ohci: handle receive packets with a data length of zero
https://notcve.org/view.php?id=CVE-2009-4138
drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. drivers/firewire/ohci.c en el kernel de Linux anterior a v2.6.32-git9, cuando se usa el modo packet-per-buffer, permite a usuarios locales provocar una denegación de servicio (deferencia a puntero NULL y caída del sistema) o posiblemente otro impacto desconocido a través de un ioctl sin especificar asociado a cuando se recibe un paquete ISO que contiene Zero en el campo payload-length. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8c0c0cc2d9f4c523fde04bdfe41e4380dec8ee54 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://patchwork.kernel.org/patch/66747 http://secunia.com/advisories/38017 http://secunia.com/advisories/38276 http://support.avaya.com/css/P8/documents/ • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 2%CPEs: 332EXPL: 1CVE-2009-4307 – kernel: ext4: avoid divide by zero when trying to mount a corrupted file system
https://notcve.org/view.php?id=CVE-2009-4307
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). La funcion ext4_fill_flex_info en fs/ext4/super.c en el kernel de Linux anteriores a v2.6.32-git6 permite a atacantes remotos asistidos por el usuario producir una denegación de servicio (error de división por cero y panic) a través de un sistema de ficheros ext4 malformado que contenga un super bloque con un valor de tamaño de grupo FLEX_BG grande (también conocido como valor s_log_groups_per_flex). • http://bugzilla.kernel.org/show_bug.cgi?id=14287 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=503358ae01b70ce6909d19dd01287093f6b6271c http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lkml.org/lkml/2009/12/9/255 http://secunia.com/advisories/37658 http://secunia.com/advisories/38017 http://secunia.com/advisories/38276 http://www.kernel.org&#x • CWE-189: Numeric Errors •
CVSS: 4.9EPSS: 0%CPEs: 340EXPL: 0CVE-2009-4306
https://notcve.org/view.php?id=CVE-2009-4306
Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2.6.32-git6 and earlier allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131. Vulnerabilidad sin especificar en la implementación EXT4_IOC_MOVE_EXT (también conocido como "move extents") ioctl en el sistema de ficheros ext4 en el kernel de Linux v2.6.32-git6 y anteriores permite a usuarios locales producir una denegación de servicio (corrupción del sistema de ficheros) a través de vectores desconocidos, una vulnerabilidad diferente que CVE-2009-4131. • http://grsecurity.org/test/grsecurity-2.1.14-2.6.32-200912112157.patch http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://secunia.com/advisories/38017 http://twitter.com/fotisl/statuses/6568947714 http://twitter.com/spendergrsec/statuses/6551797457 http://twitter.com/spendergrsec/statuses/6567167692 http://twitter.com/spendergrsec/statuses/6569596339 http://twitter.com/spendergrsec/statuses/6572069107 http://twitter.com/spendergrsec/statuses/6583954567 http://twitter.com& •
CVSS: 7.1EPSS: 2%CPEs: 331EXPL: 0CVE-2009-4308 – kernel: ext4: Avoid null pointer dereference when decoding EROFS w/o a journal
https://notcve.org/view.php?id=CVE-2009-4308
The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. La funcion ext4_decode_error en fs/ext4/super.c en el sistema de ficheros ext4 en el kernel de Linux anteriores a v2.6.32 permite a atacantes remotos asistidos por el usuario producir una denegación de servicio (desreferencia a punteru NULL), y posiblemente tienes mas impacto sin especificar, a través de de un sistema de ficheros solo de lectura que carece de journal. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=78f1ddbb498283c2445c11b0dfa666424c301803 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://secunia.com/advisories/37658 http://secunia.com/advisories/38017 http://secunia.com/advisories/38276 http://secunia.com/advisories/43315 http://www • CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •