CVE-2009-4537

Published: 12/01/2010 Updated: 16/11/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and previous versions does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote malicious users to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

Vulnerable Product

linux linux kernel

debian debian linux 5.0

Vendor Advisories

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4537: Fabian Yamaguchi reported a missing check for Ethernet frames larger than the MTU in the r8169 driver. This may allo ...
KVM regressed under some conditions in the Linux kernel ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having important security impact by the Red Hat Securit ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5.3 Extended Update Support. This update has been rated as having important security imp ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Securi ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having important security ...

References

CWE-20
http://securitytracker.com/id?1023419
http://www.redhat.com/support/errata/RHSA-2010-0019.html
http://secunia.com/advisories/38031
http://www.openwall.com/lists/oss-security/2009/12/29/2
http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/
http://www.openwall.com/lists/oss-security/2009/12/31/1
https://bugzilla.redhat.com/show_bug.cgi?id=550907
http://www.redhat.com/support/errata/RHSA-2010-0020.html
http://marc.info/?t=126202986900002&r=1&w=2
http://marc.info/?l=linux-netdev&m=126202972828626&w=2
http://www.securityfocus.com/bid/37521
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
http://www.openwall.com/lists/oss-security/2009/12/28/1
http://twitter.com/dakami/statuses/7104238406
http://www.redhat.com/support/errata/RHSA-2010-0041.html
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://www.redhat.com/support/errata/RHSA-2010-0111.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
http://www.redhat.com/support/errata/RHSA-2010-0053.html
http://secunia.com/advisories/38610
http://www.novell.com/linux/security/advisories/2010_23_kernel.html
http://secunia.com/advisories/39742
http://secunia.com/advisories/39830
http://www.debian.org/security/2010/dsa-2053
http://secunia.com/advisories/40645
http://www.vupen.com/english/advisories/2010/1857
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/55647
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443
https://www.debian.org/security/./dsa-2053
https://nvd.nist.gov
https://usn.ubuntu.com/947-1/