
Bug 303757 (CVE-2009-4536)

Summary: Kernel: e1000 trailing payload data (CVE-2009-{4536,4538})
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Kernel
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: hardened-kernel+disabled, kernel
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=40a14deaf411592b57cb0720f0e8004293ab9865
Whiteboard: [linux <2.6.33]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-02-06 15:34:10 UTC
CVE-2009-4536 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4536):
  drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux
  kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the
  MTU by processing certain trailing payload data as if it were a
  complete frame, which allows remote attackers to bypass packet
  filters via a large packet with a crafted payload.  NOTE: this
  vulnerability exists because of an incorrect fix for CVE-2009-1385.

Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-02-06 15:41:38 UTC
CVE-2009-4538 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4538):
  drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel
  2.6.32.3 and earlier does not properly check the size of an Ethernet
  frame that exceeds the MTU, which allows remote attackers to have an
  unspecified impact via crafted packets, a related issue to
  CVE-2009-4537.

Comment 3 Bjoern Tropf (RETIRED) gentoo-dev 2010-02-07 09:31:27 UTC
...fixed during 2.6.33-rc6. (As far as I can tell, 2.6.32.7 is still affected)