CVE-2009-4536 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2009-4536

CVE-2009-4536

January 12, 2010

drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.

Related Resources (40)

http://secunia.com/advisories/38492

http://secunia.com/advisories/38276

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html

http://secunia.com/advisories/35265

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226

http://secunia.com/advisories/38779

http://marc.info/?t=126203102000001&r=1&w=2

http://www.openwall.com/lists/oss-security/2009/12/31/1

http://www.debian.org/security/2010/dsa-2005

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html

http://securitytracker.com/id?1023420

http://www.redhat.com/support/errata/RHSA-2010-0053.html

http://secunia.com/advisories/38031

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html

http://secunia.com/advisories/38610

https://exchange.xforce.ibmcloud.com/vulnerabilities/55648

https://rhn.redhat.com/errata/RHSA-2010-0095.html

https://bugzilla.redhat.com/show_bug.cgi?id=552126

http://www.openwall.com/lists/oss-security/2009/12/29/2

http://www.openwall.com/lists/oss-security/2009/12/28/1

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

http://www.redhat.com/support/errata/RHSA-2010-0020.html

http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453

http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/

http://www.redhat.com/support/errata/RHSA-2010-0041.html

http://www.securityfocus.com/bid/37519

http://secunia.com/advisories/38296

http://www.redhat.com/support/errata/RHSA-2010-0111.html

https://people.canonical.com/~ubuntu-security/cve/CVE-2009-4536

http://www.vmware.com/security/advisories/VMSA-2011-0009.html

https://access.redhat.com/security/cve/CVE-2009-4536

http://www.redhat.com/support/errata/RHSA-2010-0882.html

http://www.debian.org/security/2010/dsa-1996

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html

http://www.redhat.com/support/errata/RHSA-2010-0019.html

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

CVSS v2

Base Score:

7.8

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

EPSS

Base Score:

1.59