Bug 303759 - Kernel: r8169 multiple issues (CVE-2009-4537)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://marc.info/?l=linux-netdev&m=12...
Whiteboard: [linux <2.6.34]
Reported: 2010-02-06 15:35 UTC by Stefan Behte (RETIRED)
Modified: 2013-09-15 20:00 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-02-06 15:35:27 UTC
CVE-2009-4537 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4537):
  drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3
  and earlier does not properly check the size of an Ethernet frame
  that exceeds the MTU, which allows remote attackers to (1) cause a
  denial of service (temporary network outage) via a packet with a
  crafted size, in conjunction with certain packets containing A
  characters and certain packets containing E characters; or (2) cause
  a denial of service (system crash) via a packet with a crafted size,
  in conjunction with certain packets containing '\0' characters,
  related to the value of the status register and erroneous behavior
  associated with the RxMaxSize register.  NOTE: this vulnerability
  exists because of an incorrect fix for CVE-2009-1389.
Comment 1 Bjoern Tropf (RETIRED) gentoo-dev 2010-02-07 09:16:06 UTC
@Kernel: This patch has not (yet) found its way to the mainline.