AI Score: 5.1 Medium (Confidence: High)
CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
CVSS2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 0.055 Low (Percentile: 93.1%)
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing ‘\0’ characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.
| CPE | Name | Operator | Version |
|---|---|---|---|
| linux:linux_kernel | linux linux kernel | le | 2.6.32.3 |
| debian:debian_linux | debian debian linux | eq | 5.0 |
blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/
events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
marc.info/?l=linux-netdev&m=126202972828626&w=2
marc.info/?t=126202986900002&r=1&w=2
secunia.com/advisories/38031
secunia.com/advisories/38610
secunia.com/advisories/39742
secunia.com/advisories/39830
secunia.com/advisories/40645
securitytracker.com/id?1023419
twitter.com/dakami/statuses/7104238406
www.debian.org/security/2010/dsa-2053
www.novell.com/linux/security/advisories/2010_23_kernel.html
www.openwall.com/lists/oss-security/2009/12/28/1
www.openwall.com/lists/oss-security/2009/12/29/2
www.openwall.com/lists/oss-security/2009/12/31/1
www.redhat.com/support/errata/RHSA-2010-0019.html
www.redhat.com/support/errata/RHSA-2010-0020.html
www.redhat.com/support/errata/RHSA-2010-0041.html
www.redhat.com/support/errata/RHSA-2010-0053.html
www.redhat.com/support/errata/RHSA-2010-0111.html
www.securityfocus.com/bid/37521
www.vupen.com/english/advisories/2010/1857
bugzilla.redhat.com/show_bug.cgi?id=550907
exchange.xforce.ibmcloud.com/vulnerabilities/55647
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439
rhn.redhat.com/errata/RHSA-2010-0095.html