Executive Summary

Informations
Name CVE-2009-3613 First vendor Publication 2009-10-19
Vendor Cve Last vendor Modification 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3613

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10209
 
Oval ID: oval:org.mitre.oval:def:10209
Title: The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Description: The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3613
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13588
 
Oval ID: oval:org.mitre.oval:def:13588
Title: DSA-1915-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Description: Notice: Debian 5.0.4, the next point release of Debian "lenny", will include a new default value for the mmap_min_addr tunable. This change will add an additional safeguard against a class of security vulnerabilities known as "NULL pointer dereference" vulnerabilities, but it will need to be overridden when using certain applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2695 Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. CVE-2009-2903 Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp"N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. CVE-2009-2908 Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service by causing a dentry value to go negative. CVE-2009-2909 Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt can result in a denial of service. CVE-2009-2910 Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. CVE-2009-3001 Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. CVE-2009-3002 Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP, NET/ROM, Acorn Econet/AUN, and Controller Area Network implementations. Local users can exploit these issues to gain access to kernel memory. CVE-2009-3286 Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. CVE-2009-3290 Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service and read or write guest kernel memory. CVE-2009-3613 Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service by transmitting a large amount of jumbo frames. For the stable distribution, this problem has been fixed in version 2.6.26-19lenny1. For the oldstable distribution, these problems, where applicable, will be fixed in updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 user-mode-linux 2.6.26-1um-2+19lenny1
Family: unix Class: patch
Reference(s): DSA-1915-1
CVE-2009-2695
CVE-2009-2903
CVE-2009-2908
CVE-2009-2909
CVE-2009-2910
CVE-2009-3001
CVE-2009-3002
CVE-2009-3286
CVE-2009-3290
CVE-2009-3613
 Version: 5
Platform(s): Debian GNU/Linux 5.0
 Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22999
 
Oval ID: oval:org.mitre.oval:def:22999
Title: ELSA-2009:1548: kernel security and bug fix update (Important)
Description: The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Family: unix Class: patch
Reference(s): ELSA-2009:1548-01
CVE-2009-2695
CVE-2009-2908
CVE-2009-3228
CVE-2009-3286
CVE-2009-3547
CVE-2009-3613
 Version: 29
Platform(s): Oracle Linux 5
 Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29269
 
Oval ID: oval:org.mitre.oval:def:29269
Title: RHSA-2009:1548 -- kernel security and bug fix update (Important)
Description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Family: unix Class: patch
Reference(s): RHSA-2009:1548
CESA-2009:1548-CentOS 5
CVE-2009-2695
CVE-2009-2908
CVE-2009-3228
CVE-2009-3286
CVE-2009-3547
CVE-2009-3613
 Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7377
 
Oval ID: oval:org.mitre.oval:def:7377
Title: Linux Kernel '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service Vulnerability
Description: The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3613
 Version: 5
Platform(s): VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7639
 
Oval ID: oval:org.mitre.oval:def:7639
Title: DSA-1915 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Description: Notice: Debian 5.0.4, the next point release of Debian "lenny", will include a new default value for the mmap_min_addr tunable. This change will add an additional safeguard against a class of security vulnerabilities known as "NULL pointer dereference" vulnerabilities, but it will need to be overridden when using certain applications. Additional information about this change, including instructions for making this change locally in advance of 5.0.4 (recommended), can be found at: http://wiki.debian.org/mmap_min_addr. Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp "N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service (kernel oops) by causing a dentry value to go negative. Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt() can result in a denial of service (kernel oops). Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area Network (CAN) implementations. Local users can exploit these issues to gain access to kernel memory. Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory. Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service (IOMMU space exhaustion and system crash) by transmitting a large amount of jumbo frames.
Family: unix Class: patch
Reference(s): DSA-1915
CVE-2009-2695
CVE-2009-2903
CVE-2009-2908
CVE-2009-2909
CVE-2009-2910
CVE-2009-3001
CVE-2009-3002
CVE-2009-3286
CVE-2009-3290
CVE-2009-3613
 Version: 3
Platform(s): Debian GNU/Linux 5.0
 Product(s): linux-2.6
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1054

OpenVAS Exploits

Date Description
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1548 centos5 i386
File : nvt/gb_CESA-2009_1548_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1671 centos4 i386
File : nvt/gb_CESA-2009_1671_kernel_centos4_i386.nasl
2009-12-30 Name : RedHat Security Advisory RHSA-2009:1671
File : nvt/RHSA_2009_1671.nasl
2009-12-30 Name : CentOS Security Advisory CESA-2009:1671 (kernel)
File : nvt/ovcesa2009_1671.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1540
File : nvt/RHSA_2009_1540.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1548
File : nvt/RHSA_2009_1548.nasl
2009-11-11 Name : Debian Security Advisory DSA 1928-1 (linux-2.6.24)
File : nvt/deb_1928_1.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1548 (kernel)
File : nvt/ovcesa2009_1548.nasl
2009-10-27 Name : Debian Security Advisory DSA 1915-1 (linux-2.6)
File : nvt/deb_1915_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
59068 Linux Kernel drivers/net/r8169.c r8169 Driver swiotlb Functionality Jumbo Fra...

Linux Kernel Driver r8169 contains a flaw that may allow a remote denial of service. The issue is triggered when an error in the 'swiotlb' functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel occurs and will allow remote and local attackers to cause a denial or service attack that results in IOMMU space exhaustion and system crash by using jumbo frames for a large amount of network traffic, and will result in loss of availability for the platform.

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0004_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2009-0033.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1671.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1550.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1541.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1548.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1548.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1541.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO
2013-03-06 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091103_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091215_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6730.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO
2010-03-05 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0004.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1915.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1928.nasl - Type : ACT_GATHER_INFO
2009-12-23 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6726.nasl - Type : ACT_GATHER_INFO
2009-12-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1671.nasl - Type : ACT_GATHER_INFO
2009-12-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1671.nasl - Type : ACT_GATHER_INFO
2009-12-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-869-1.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-864-1.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1548.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1541.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/36706
CONFIRM http://bugzilla.kernel.org/show_bug.cgi?id=9468
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.22
https://bugzilla.redhat.com/show_bug.cgi?id=529137
MISC http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3...
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3...
MLIST http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://marc.info/?l=oss-security&m=125561712529352&w=2
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2009-1671.html
https://rhn.redhat.com/errata/RHSA-2009-1540.html
https://rhn.redhat.com/errata/RHSA-2009-1548.html
SECUNIA http://secunia.com/advisories/37909
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
SUSE http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
UBUNTU http://www.ubuntu.com/usn/usn-864-1
VUPEN http://www.vupen.com/english/advisories/2010/0528

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
Date Informations
2024-02-02 01:11:45
  • Multiple Updates
2024-02-01 12:03:17
  • Multiple Updates
2023-09-05 12:11:00
  • Multiple Updates
2023-09-05 01:03:08
  • Multiple Updates
2023-09-02 12:11:06
  • Multiple Updates
2023-09-02 01:03:09
  • Multiple Updates
2023-08-12 12:13:03
  • Multiple Updates
2023-08-12 01:03:09
  • Multiple Updates
2023-08-11 12:11:08
  • Multiple Updates
2023-08-11 01:03:17
  • Multiple Updates
2023-08-06 12:10:43
  • Multiple Updates
2023-08-06 01:03:11
  • Multiple Updates
2023-08-04 12:10:48
  • Multiple Updates
2023-08-04 01:03:12
  • Multiple Updates
2023-07-14 12:10:45
  • Multiple Updates
2023-07-14 01:03:10
  • Multiple Updates
2023-03-29 01:12:19
  • Multiple Updates
2023-03-28 12:03:16
  • Multiple Updates
2023-02-13 09:29:17
  • Multiple Updates
2022-10-11 12:09:34
  • Multiple Updates
2022-10-11 01:02:59
  • Multiple Updates
2022-03-11 01:08:00
  • Multiple Updates
2021-05-04 12:10:18
  • Multiple Updates
2021-04-22 01:10:43
  • Multiple Updates
2020-08-08 01:04:36
  • Multiple Updates
2020-08-01 12:04:38
  • Multiple Updates
2020-07-30 01:04:46
  • Multiple Updates
2020-05-23 01:40:58
  • Multiple Updates
2020-05-23 00:24:26
  • Multiple Updates
2019-01-25 12:02:53
  • Multiple Updates
2018-10-30 12:03:05
  • Multiple Updates
2017-09-19 09:23:27
  • Multiple Updates
2016-08-05 12:02:14
  • Multiple Updates
2016-06-29 00:07:31
  • Multiple Updates
2016-06-28 17:51:41
  • Multiple Updates
2016-04-26 19:11:38
  • Multiple Updates
2016-03-09 13:25:54
  • Multiple Updates
2014-11-27 13:27:37
  • Multiple Updates
2014-02-17 10:51:57
  • Multiple Updates
2013-05-10 23:59:28
  • Multiple Updates