Vulnerability CVE-2009-4538


Published: 2010-01-12   Modified: 2012-02-13

Description:
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.

Type: CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Linux -> Kernel 
Linux -> Linux kernel 
Intel -> E1000 
Debian -> Debian linux 

References:
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
http://securitytracker.com/id?1023420
http://www.debian.org/security/2010/dsa-1996
http://www.debian.org/security/2010/dsa-2005
http://www.mandriva.com/security/advisories?name=MDVSA-2010:066
http://www.openwall.com/lists/oss-security/2009/12/28/1
http://www.openwall.com/lists/oss-security/2009/12/29/2
http://www.openwall.com/lists/oss-security/2009/12/31/1
http://www.redhat.com/support/errata/RHSA-2010-0019.html
http://www.redhat.com/support/errata/RHSA-2010-0020.html
http://www.redhat.com/support/errata/RHSA-2010-0041.html
http://www.redhat.com/support/errata/RHSA-2010-0053.html
http://www.redhat.com/support/errata/RHSA-2010-0111.html
http://www.securityfocus.com/bid/37523
https://bugzilla.redhat.com/show_bug.cgi?id=551214
https://exchange.xforce.ibmcloud.com/vulnerabilities/55645
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7016
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9702
https://rhn.redhat.com/errata/RHSA-2010-0095.html

Copyright 2024, cxsecurity.com

 
