Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 303757 (CVE-2009-4536) - Kernel: e1000 trailing payload data (CVE-2009-{4536,4538})
Summary: Kernel: e1000 trailing payload data (CVE-2009-{4536,4538})
Status: RESOLVED FIXED
Alias: CVE-2009-4536
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [linux <2.6.33]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-02-06 15:34 UTC by Stefan Behte (RETIRED)
Modified: 2013-09-15 18:51 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-02-06 15:34:10 UTC
CVE-2009-4536 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4536):
  drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux
  kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the
  MTU by processing certain trailing payload data as if it were a
  complete frame, which allows remote attackers to bypass packet
  filters via a large packet with a crafted payload.  NOTE: this
  vulnerability exists because of an incorrect fix for CVE-2009-1385.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-02-06 15:41:38 UTC
CVE-2009-4538 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4538):
  drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel
  2.6.32.3 and earlier does not properly check the size of an Ethernet
  frame that exceeds the MTU, which allows remote attackers to have an
  unspecified impact via crafted packets, a related issue to
  CVE-2009-4537.

Comment 3 Bjoern Tropf (RETIRED) gentoo-dev 2010-02-07 09:31:27 UTC
...fixed during 2.6.33-rc6. (As far as I can tell, 2.6.32.7 is still affected)