// For flags

CVE-2009-4537

kernel: r8169 issue reported at 26c3

Severity Score

7.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

drivers/net/r8169.c en el driver r8169 en el kernel de Linux v2.6.32.3 y anteriores no comprueba correctamente el tamaño de una trama Ethernet que excede el tamaño MTU, lo que permite a atacantes remotos (1) producir una denegación de servicio (caída temporal de la red) a través de un paquete con un tamaño manipulado, en unión con ciertos paquetes que contienen caracteres "A" y otros paquetes que contienen caracteres "E"; o (2) producir una denegación de servicio (caída del sistema) a través de un paquete con el tamaño manipulado, junto con algunos paquetes que contienen el carácter '/0', relacionado con el valor del estado de registro y un comportamiento erróneo relacionado con el registro RxMaxSize , NOTA: Esta vulnerabilidad se produjo por un arreglo incorrecto de CVE-20091389.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-12-31 CVE Reserved
  • 2010-01-12 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-10-02 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (31)
URL Tag Source
http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups Third Party Advisory
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html Third Party Advisory
http://marc.info/?l=linux-netdev&m=126202972828626&w=2 Mailing List
http://marc.info/?t=126202986900002&r=1&w=2 Mailing List
http://secunia.com/advisories/38031 Third Party Advisory
http://secunia.com/advisories/38610 Third Party Advisory
http://secunia.com/advisories/39742 Third Party Advisory
http://secunia.com/advisories/39830 Third Party Advisory
http://secunia.com/advisories/40645 Third Party Advisory
http://securitytracker.com/id?1023419 Third Party Advisory
http://twitter.com/dakami/statuses/7104238406 Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/12/28/1 Mailing List
http://www.openwall.com/lists/oss-security/2009/12/29/2 Mailing List
http://www.openwall.com/lists/oss-security/2009/12/31/1 Mailing List
http://www.securityfocus.com/bid/37521 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1857 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/55647 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html 2018-11-16
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html 2018-11-16
http://www.debian.org/security/2010/dsa-2053 2018-11-16
http://www.novell.com/linux/security/advisories/2010_23_kernel.html 2018-11-16
http://www.redhat.com/support/errata/RHSA-2010-0019.html 2018-11-16
http://www.redhat.com/support/errata/RHSA-2010-0020.html 2018-11-16
http://www.redhat.com/support/errata/RHSA-2010-0041.html 2018-11-16
http://www.redhat.com/support/errata/RHSA-2010-0053.html 2018-11-16
http://www.redhat.com/support/errata/RHSA-2010-0111.html 2018-11-16
https://bugzilla.redhat.com/show_bug.cgi?id=550907 2010-02-16
https://rhn.redhat.com/errata/RHSA-2010-0095.html 2018-11-16
https://access.redhat.com/security/cve/CVE-2009-4537 2010-02-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 2.6.32.3
Search vendor "Linux" for product "Linux Kernel" and version " <= 2.6.32.3"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 5.0
Search vendor "Debian" for product "Debian Linux" and version "5.0"
-
Affected