Veracode Vulnerability DatabaseVERACODE:23944Denial Of Service (DoS)
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
The kernel is vulnerable to Denial Of Service (DoS). A flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service.
References
blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/
events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html
lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
marc.info/?t=126203102000001&r=1&w=2
secunia.com/advisories/35265
secunia.com/advisories/38031
secunia.com/advisories/38276
secunia.com/advisories/38296
secunia.com/advisories/38492
secunia.com/advisories/38610
secunia.com/advisories/38779
securitytracker.com/id?1023420
www.debian.org/security/2010/dsa-1996
www.debian.org/security/2010/dsa-2005
www.openwall.com/lists/oss-security/2009/12/28/1
www.openwall.com/lists/oss-security/2009/12/29/2
www.openwall.com/lists/oss-security/2009/12/31/1
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0019.html
www.redhat.com/support/errata/RHSA-2010-0020.html
www.redhat.com/support/errata/RHSA-2010-0041.html
www.redhat.com/support/errata/RHSA-2010-0053.html
www.redhat.com/support/errata/RHSA-2010-0111.html
www.redhat.com/support/errata/RHSA-2010-0882.html
www.securityfocus.com/bid/37519
www.vmware.com/security/advisories/VMSA-2011-0009.html
access.redhat.com/errata/RHSA-2010:0019
bugzilla.redhat.com/show_bug.cgi?id=552126
exchange.xforce.ibmcloud.com/vulnerabilities/55648
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453
rhn.redhat.com/errata/RHSA-2010-0095.html
Related
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C