drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.
blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/
events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
marc.info/?l=linux-netdev&m=126202972828626&w=2
marc.info/?t=126202986900002&r=1&w=2
secunia.com/advisories/38031
secunia.com/advisories/38610
secunia.com/advisories/39742
secunia.com/advisories/39830
secunia.com/advisories/40645
securitytracker.com/id?1023419
twitter.com/dakami/statuses/7104238406
www.debian.org/security/2010/dsa-2053
www.novell.com/linux/security/advisories/2010_23_kernel.html
www.openwall.com/lists/oss-security/2009/12/28/1
www.openwall.com/lists/oss-security/2009/12/29/2
www.openwall.com/lists/oss-security/2009/12/31/1
www.redhat.com/support/errata/RHSA-2010-0019.html
www.redhat.com/support/errata/RHSA-2010-0020.html
www.redhat.com/support/errata/RHSA-2010-0041.html
www.redhat.com/support/errata/RHSA-2010-0053.html
www.redhat.com/support/errata/RHSA-2010-0111.html
www.securityfocus.com/bid/37521
www.vupen.com/english/advisories/2010/1857
bugzilla.redhat.com/show_bug.cgi?id=550907
exchange.xforce.ibmcloud.com/vulnerabilities/55647
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439
rhn.redhat.com/errata/RHSA-2010-0095.html