Vulnerability Details : CVE-2009-1298

The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly related to the ip_defrag function.

Vulnerability category: OverflowMemory CorruptionDenial of service

Published 2009-12-08 23:30:00

Updated 2018-10-10 19:35:50

Source Canonical Ltd.

View at NVD, CVE.org

Threat overview for CVE-2009-1298

Top countries where our scanners detected CVE-2009-1298

Top open port discovered on systems with this issue 52869

IPs affected by CVE-2009-1298 15,549

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2009-1298!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2009-1298

Probability of exploitation activity in the next 30 days: 28.33%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-1298

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2009-1298

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2009-1298

Red Hat 2009-12-09

Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include upstream commit 7c73a6fa that introduced the problem.

References for CVE-2009-1298

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32

CVEs referencing this url
http://wiki.rpath.com/Advisories:rPSA-2009-0161
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=bbf31bf18d34caa87dd01f08bf713635593697f2
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2010:001) - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00496.html
http://www.securityfocus.com/archive/1/508517/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00453.html
http://www.ubuntu.com/usn/USN-869-1

CVEs referencing this url
http://www.theregister.co.uk/2009/12/11/linux_kernel_bugs_patched/

CVEs referencing this url
http://twitter.com/spendergrsec/statuses/6339560349
http://www.mandriva.com/security/advisories?name=MDVSA-2009:329

Mandriva

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=544144

Products affected by CVE-2009-1298

Linux » Linux Kernel » Update RC8
Versions up to, including, (<=) 2.6.32
cpe:2.3:o:linux:linux_kernel:*:rc8:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC2
cpe:2.3:o:linux:linux_kernel:2.6.28:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC3
cpe:2.3:o:linux:linux_kernel:2.6.28:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28
cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC1
cpe:2.3:o:linux:linux_kernel:2.6.28:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC4
cpe:2.3:o:linux:linux_kernel:2.6.28:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC5
cpe:2.3:o:linux:linux_kernel:2.6.28:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC6
cpe:2.3:o:linux:linux_kernel:2.6.28:rc6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC7
cpe:2.3:o:linux:linux_kernel:2.6.28:rc7:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.1
cpe:2.3:o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.2
cpe:2.3:o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.3
cpe:2.3:o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.4
cpe:2.3:o:linux:linux_kernel:2.6.28.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.5
cpe:2.3:o:linux:linux_kernel:2.6.28.5:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.6
cpe:2.3:o:linux:linux_kernel:2.6.28.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.8
cpe:2.3:o:linux:linux_kernel:2.6.28.8:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.7
cpe:2.3:o:linux:linux_kernel:2.6.28.7:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.9
cpe:2.3:o:linux:linux_kernel:2.6.28.9:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30
cpe:2.3:o:linux:linux_kernel:2.6.30:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.29 Update Rc8-kk
cpe:2.3:o:linux:linux_kernel:2.6.29:rc8-kk:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30 Update RC1
cpe:2.3:o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.29
cpe:2.3:o:linux:linux_kernel:2.6.29:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.29.2
cpe:2.3:o:linux:linux_kernel:2.6.29.2:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.10
cpe:2.3:o:linux:linux_kernel:2.6.28.10:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.29.3
cpe:2.3:o:linux:linux_kernel:2.6.29.3:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.29.4
cpe:2.3:o:linux:linux_kernel:2.6.29.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.29.5
cpe:2.3:o:linux:linux_kernel:2.6.29.5:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.29.6
cpe:2.3:o:linux:linux_kernel:2.6.29.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.29.1
cpe:2.3:o:linux:linux_kernel:2.6.29.1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30 Update RC3
cpe:2.3:o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30.2
cpe:2.3:o:linux:linux_kernel:2.6.30.2:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30 Update RC2
cpe:2.3:o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30 Update RC5
cpe:2.3:o:linux:linux_kernel:2.6.30:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31 Update RC6
cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31 Update RC5
cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31.6
cpe:2.3:o:linux:linux_kernel:2.6.31.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31 Update RC7
cpe:2.3:o:linux:linux_kernel:2.6.31:rc7:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.32 Update RC4
cpe:2.3:o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.32 Update RC5
cpe:2.3:o:linux:linux_kernel:2.6.32:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30 Update Rc7-git6
cpe:2.3:o:linux:linux_kernel:2.6.30:rc7-git6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30 Update RC4 X86 32 Edition
cpe:2.3:o:linux:linux_kernel:2.6.30:rc4:x86_32:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30.3
cpe:2.3:o:linux:linux_kernel:2.6.30.3:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30 Update RC6
cpe:2.3:o:linux:linux_kernel:2.6.30:rc6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31.2
cpe:2.3:o:linux:linux_kernel:2.6.31.2:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31.4
cpe:2.3:o:linux:linux_kernel:2.6.31.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31
cpe:2.3:o:linux:linux_kernel:2.6.31:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31.5
cpe:2.3:o:linux:linux_kernel:2.6.31.5:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.32 Update RC1
cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.32 Update RC3
cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30.9
cpe:2.3:o:linux:linux_kernel:2.6.30.9:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30.4
cpe:2.3:o:linux:linux_kernel:2.6.30.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30.7
cpe:2.3:o:linux:linux_kernel:2.6.30.7:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30.5
cpe:2.3:o:linux:linux_kernel:2.6.30.5:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31.1
cpe:2.3:o:linux:linux_kernel:2.6.31.1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31.3
cpe:2.3:o:linux:linux_kernel:2.6.31.3:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31 Update RC1
cpe:2.3:o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31 Update RC2
cpe:2.3:o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.32 Update RC7
cpe:2.3:o:linux:linux_kernel:2.6.32:rc7:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.29 Update RC2
cpe:2.3:o:linux:linux_kernel:2.6.29:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.29 Update Rc2 Git7
cpe:2.3:o:linux:linux_kernel:2.6.29:rc2_git7:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30.6
cpe:2.3:o:linux:linux_kernel:2.6.30.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30.8
cpe:2.3:o:linux:linux_kernel:2.6.30.8:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.30.1
cpe:2.3:o:linux:linux_kernel:2.6.30.1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31 Update RC4
cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31 Update RC3
cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.31 Update RC8
cpe:2.3:o:linux:linux_kernel:2.6.31:rc8:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.32 Update RC6
cpe:2.3:o:linux:linux_kernel:2.6.32:rc6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.32
cpe:2.3:o:linux:linux_kernel:2.6.32:*:*:*:*:*:*:*
Matching versions