CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2009-4537 – kernel: r8169 issue reported at 26c3
https://notcve.org/view.php?id=CVE-2009-4537
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. drivers/net/r8169.c en el driver r8169 en el kernel de Linux v2.6.32.3 y anteriores no comprueba correctamente el tamaño de una trama Ethernet que excede el tamaño MTU, lo que permite a atacantes remotos (1) producir una denegación de servicio (caída temporal de la red) a través de un paquete con un tamaño manipulado, en unión con ciertos paquetes que contienen caracteres "A" y otros paquetes que contienen caracteres "E"; o (2) producir una denegación de servicio (caída del sistema) a través de un paquete con el tamaño manipulado, junto con algunos paquetes que contienen el carácter '/0', relacionado con el valor del estado de registro y un comportamiento erróneo relacionado con el registro RxMaxSize , NOTA: Esta vulnerabilidad se produjo por un arreglo incorrecto de CVE-20091389. • http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://marc.info/?l=linux-netdev&m=126202972828626&w=2 http://marc.info/?t=126202986900002&r=1&w=2 http://secunia.com/advisories/38031 http://secunia.com/advisories/38610 http://secunia.com/advis • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2009-4538 – kernel: e1000e frame fragment issue
https://notcve.org/view.php?id=CVE-2009-4538
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537. drivers/net/e1000e/netdev.c en el driver e1000e en el kernel de Linux v2.6.32.3 y anteriores no comprueba adecuadamente el tamaño de una trama Ethernet que excede el MTU, lo que permite a atacantes remotos conseguir un impacto desconocido a través de paquetes manipulados, un hecho relacionado con CVE-2009-4537. • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html http://secunia.com/advisories/38031 http://secunia&# •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2009-4536 – kernel: e1000 issue reported at 26c3
https://notcve.org/view.php?id=CVE-2009-4536
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385. drivers/net/e1000/e1000_main.c en el driver e1000 en el kernel de Linux v2.6.32.3 y anteriores gestiona tramas Ethernet que exceden el MTU procesando con retraso datos como si fuesen tramas completas, lo que permite a atacantes remotos evitar los filtros de paquete con un payload manipulado. NOTA: Esta vulnerabilidad existe debido a un arregle incorrecto de CVE-2009-1385. • http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.h • CWE-189: Numeric Errors •
CVSS: 4.9EPSS: 0%CPEs: 33EXPL: 0CVE-2009-4410
https://notcve.org/view.php?id=CVE-2009-4410
The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows local users to cause a denial of service (panic) via unknown vectors. La función fuse_ioctl_copy_user el manejador ioctl en fs/fuse/file.c en el kernel de Linux v2.6.29-rc1 hasta v2.6.30.y usa la variable incorrecta en un argumento en la función kunmap, lo que permite a usuarios locales causar una denegación de servicio (pánico) a trvés de vectores desconocidos. • http://osvdb.org/61335 http://secunia.com/advisories/37928 http://www.openwall.com/lists/oss-security/2009/12/23/1 http://www.securityfocus.com/bid/37453 https://bugzilla.redhat.com/show_bug.cgi?id=549400 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01344.html •
CVSS: 4.7EPSS: 0%CPEs: 338EXPL: 0CVE-2009-4138 – kernel: firewire: ohci: handle receive packets with a data length of zero
https://notcve.org/view.php?id=CVE-2009-4138
drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. drivers/firewire/ohci.c en el kernel de Linux anterior a v2.6.32-git9, cuando se usa el modo packet-per-buffer, permite a usuarios locales provocar una denegación de servicio (deferencia a puntero NULL y caída del sistema) o posiblemente otro impacto desconocido a través de un ioctl sin especificar asociado a cuando se recibe un paquete ISO que contiene Zero en el campo payload-length. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8c0c0cc2d9f4c523fde04bdfe41e4380dec8ee54 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://patchwork.kernel.org/patch/66747 http://secunia.com/advisories/38017 http://secunia.com/advisories/38276 http://support.avaya.com/css/P8/documents/ • CWE-399: Resource Management Errors •