CVE-2009-4536

2010-01-1200:00:00

ubuntu.com

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.018 Low

EPSS

Percentile

87.9%

JSON

drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel
2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by
processing certain trailing payload data as if it were a complete frame,
which allows remote attackers to bypass packet filters via a large packet
with a crafted payload. NOTE: this vulnerability exists because of an
incorrect fix for CVE-2009-1385.

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4536>

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlinux< 2.6.24-27.65UNKNOWN
ubuntu8.10noarchlinux< 2.6.27-17.45UNKNOWN
ubuntu9.04noarchlinux< 2.6.28-18.59UNKNOWN
ubuntu9.10noarchlinux< 2.6.31-19.56UNKNOWN
ubuntu6.06noarchlinux-source-2.6.15< 2.6.15-55.82UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	linux	< 2.6.24-27.65	UNKNOWN
ubuntu	8.10	noarch	linux	< 2.6.27-17.45	UNKNOWN
ubuntu	9.04	noarch	linux	< 2.6.28-18.59	UNKNOWN
ubuntu	9.10	noarch	linux	< 2.6.31-19.56	UNKNOWN
ubuntu	6.06	noarch	linux-source-2.6.15	< 2.6.15-55.82	UNKNOWN