Podatność CVE-2009-4538

Podatność CVE-2009-4538

Publikacja: 2010-01-12 Modyfikacja: 2012-02-13

Opis:

drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.

Typ:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS	Znaczenie	Łatwość wykorzystania
10/10	10/10	10/10

Wymagany dostęp	Złożoność ataku	Autoryzacja
Zdalny	Niska	Nie wymagana
Wpływ na poufność	Wpływ na integralność	Wpływ na dostępność
Pełny	Pełny	Pełny

Affected software
Linux -> Kernel
Linux -> Linux kernel
Intel -> E1000
Debian -> Debian linux

Referencje:

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html

http://securitytracker.com/id?1023420

http://www.debian.org/security/2010/dsa-1996

http://www.debian.org/security/2010/dsa-2005

http://www.mandriva.com/security/advisories?name=MDVSA-2010:066

http://www.openwall.com/lists/oss-security/2009/12/28/1

http://www.openwall.com/lists/oss-security/2009/12/29/2

http://www.openwall.com/lists/oss-security/2009/12/31/1

http://www.redhat.com/support/errata/RHSA-2010-0019.html

http://www.redhat.com/support/errata/RHSA-2010-0020.html

http://www.redhat.com/support/errata/RHSA-2010-0041.html

http://www.redhat.com/support/errata/RHSA-2010-0053.html

http://www.redhat.com/support/errata/RHSA-2010-0111.html

http://www.securityfocus.com/bid/37523

https://bugzilla.redhat.com/show_bug.cgi?id=551214

https://exchange.xforce.ibmcloud.com/vulnerabilities/55645

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7016

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9702

https://rhn.redhat.com/errata/RHSA-2010-0095.html

Podatność CVE-2009-4538

drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

10/10

10/10

10/10

Zdalny

Niska

Nie wymagana

Pełny

Pełny

Pełny

Affected software

Referencje: