Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-4537 | First vendor Publication | 2010-01-12 |
Vendor | Cve | Last vendor Modification | 2018-11-16 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4537 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:7443 | |||
Oval ID: | oval:org.mitre.oval:def:7443 | ||
Title: | Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability | ||
Description: | drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4537 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9439 | |||
Oval ID: | oval:org.mitre.oval:def:9439 | ||
Title: | drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. | ||
Description: | drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4537 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2010:0019 centos5 i386 File : nvt/gb_CESA-2010_0019_kernel_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2010:0147 centos5 i386 File : nvt/gb_CESA-2010_0147_kernel_centos5_i386.nasl |
2010-12-09 | Name : Fedora Update for kernel FEDORA-2010-18432 File : nvt/gb_fedora_2010_18432_kernel_fc12.nasl |
2010-10-01 | Name : SuSE Update for kernel SUSE-SA:2010:046 File : nvt/gb_suse_2010_046.nasl |
2010-09-22 | Name : Fedora Update for kernel FEDORA-2010-14878 File : nvt/gb_fedora_2010_14878_kernel_fc12.nasl |
2010-09-10 | Name : SuSE Update for kernel SUSE-SA:2010:036 File : nvt/gb_suse_2010_036.nasl |
2010-09-07 | Name : Fedora Update for kernel FEDORA-2010-13903 File : nvt/gb_fedora_2010_13903_kernel_fc12.nasl |
2010-08-30 | Name : Fedora Update for kernel FEDORA-2010-13110 File : nvt/gb_fedora_2010_13110_kernel_fc12.nasl |
2010-08-06 | Name : Fedora Update for kernel FEDORA-2010-11412 File : nvt/gb_fedora_2010_11412_kernel_fc12.nasl |
2010-07-23 | Name : SuSE Update for kernel SUSE-SA:2010:031 File : nvt/gb_suse_2010_031.nasl |
2010-07-16 | Name : Fedora Update for kernel FEDORA-2010-10880 File : nvt/gb_fedora_2010_10880_kernel_fc12.nasl |
2010-06-18 | Name : Fedora Update for kernel FEDORA-2010-9209 File : nvt/gb_fedora_2010_9209_kernel_fc12.nasl |
2010-06-07 | Name : Ubuntu Update for linux regression USN-947-2 File : nvt/gb_ubuntu_USN_947_2.nasl |
2010-06-07 | Name : Ubuntu Update for Linux kernel vulnerabilities USN-947-1 File : nvt/gb_ubuntu_USN_947_1.nasl |
2010-06-03 | Name : Debian Security Advisory DSA 2053-1 (linux-2.6) File : nvt/deb_2053_1.nasl |
2010-05-28 | Name : Fedora Update for kernel FEDORA-2010-7779 File : nvt/gb_fedora_2010_7779_kernel_fc12.nasl |
2010-03-31 | Name : Mandriva Update for kernel MDVSA-2010:066 (kernel) File : nvt/gb_mandriva_MDVSA_2010_066.nasl |
2010-03-22 | Name : RedHat Update for kernel RHSA-2010:0147-01 File : nvt/gb_RHSA-2010_0147-01_kernel.nasl |
2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-1804 File : nvt/gb_fedora_2010_1804_kernel_fc11.nasl |
2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-1787 File : nvt/gb_fedora_2010_1787_kernel_fc12.nasl |
2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-1500 File : nvt/gb_fedora_2010_1500_kernel_fc11.nasl |
2010-02-08 | Name : RedHat Update for kernel RHSA-2010:0076-01 File : nvt/gb_RHSA-2010_0076-01_kernel.nasl |
2010-01-20 | Name : SuSE Update for kernel SUSE-SA:2010:005 File : nvt/gb_suse_2010_005.nasl |
2010-01-19 | Name : CentOS Update for kernel CESA-2010:0020 centos4 x86_64 File : nvt/gb_CESA-2010_0020_kernel_centos4_x86_64.nasl |
2010-01-19 | Name : CentOS Update for kernel CESA-2010:0020 centos4 i386 File : nvt/gb_CESA-2010_0020_kernel_centos4_i386.nasl |
2010-01-15 | Name : RedHat Update for kernel RHSA-2010:0020-01 File : nvt/gb_RHSA-2010_0020-01_kernel.nasl |
2010-01-15 | Name : RedHat Update for kernel RHSA-2010:0019-01 File : nvt/gb_RHSA-2010_0019-01_kernel.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61787 | Linux Kernel drivers/net/r8169.c Ethernet Frame MTU Check Weakness Crafted Pa... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
2015-04-23 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16479.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0020.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0076.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0146.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0147.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0148.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0342.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0149.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0111.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0079.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0053.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100316_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100316_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100202_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100107_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100107_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7063.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7015.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6986.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100709.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7059.nasl - Type : ACT_GATHER_INFO |
2010-09-24 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-100921.nasl - Type : ACT_GATHER_INFO |
2010-08-27 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12636.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-066.nasl - Type : ACT_GATHER_INFO |
2010-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-100709.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1500.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1787.nasl - Type : ACT_GATHER_INFO |
2010-06-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-947-1.nasl - Type : ACT_GATHER_INFO |
2010-06-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-947-2.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
2010-05-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2053.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0147.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0146.nasl - Type : ACT_GATHER_INFO |
2010-05-07 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7011.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0147.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0146.nasl - Type : ACT_GATHER_INFO |
2010-02-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0076.nasl - Type : ACT_GATHER_INFO |
2010-02-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0076.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0020.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0020.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:12:08 |
|
2024-02-01 12:03:23 |
|
2023-09-05 12:11:25 |
|
2023-09-05 01:03:14 |
|
2023-09-02 12:11:28 |
|
2023-09-02 01:03:16 |
|
2023-08-12 12:13:29 |
|
2023-08-12 01:03:15 |
|
2023-08-11 12:11:31 |
|
2023-08-11 01:03:23 |
|
2023-08-06 12:11:04 |
|
2023-08-06 01:03:17 |
|
2023-08-04 12:11:09 |
|
2023-08-04 01:03:19 |
|
2023-07-14 12:11:05 |
|
2023-07-14 01:03:17 |
|
2023-03-29 01:12:43 |
|
2023-03-28 12:03:23 |
|
2022-10-11 12:09:53 |
|
2022-10-11 01:03:05 |
|
2022-03-11 01:08:16 |
|
2021-05-04 12:10:39 |
|
2021-04-22 01:11:08 |
|
2020-08-11 12:04:42 |
|
2020-08-08 01:04:45 |
|
2020-08-07 12:04:49 |
|
2020-08-01 12:04:47 |
|
2020-07-30 01:04:55 |
|
2020-05-23 01:41:14 |
|
2020-05-23 00:24:46 |
|
2019-01-25 12:02:58 |
|
2018-11-16 21:19:33 |
|
2018-10-30 12:03:10 |
|
2017-09-19 09:23:32 |
|
2017-08-17 09:22:49 |
|
2016-08-05 12:02:19 |
|
2016-06-29 00:09:06 |
|
2016-06-28 17:56:32 |
|
2016-04-26 19:21:37 |
|
2016-03-09 13:25:54 |
|
2015-04-24 13:28:44 |
|
2014-11-27 13:27:39 |
|
2014-02-17 10:52:49 |
|
2013-05-11 00:03:36 |
|