Vulnerability Details : CVE-2009-4537

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.
Publish Date : 2010-01-12 Last Update Date : 2018-11-16

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	7.8
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of Service
CWE ID	20

- Additional Vendor Supplied Data

Vendor	Impact	CVSS Score	CVSS Vector	Report Date	Publish Date
Redhat	important	7.1	AV:N/AC:M/Au:N/C:N/I:N/A:C	2009-12-28	2009-12-28

If you are a vendor and you have additional data which can be automatically imported into our database, please contact admin @ cvedetails.com

- Related OVAL Definitions

Title	Definition Id	Family
CVE-2009-4537	oval:org.opensuse.security:def:20094537	unix
DEPRECATED: ELSA-2010-0019 -- kernel security update (important)	oval:org.mitre.oval:def:28255	unix
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an ...	oval:org.mitre.oval:def:9439	unix
DSA-2053-1 linux-2.6 -- privilege escalation/denial of service/information leak	oval:org.mitre.oval:def:13587	unix
ELSA-2010:0019: kernel security update (Important)	oval:org.mitre.oval:def:22036	unix
Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability	oval:org.mitre.oval:def:7443	unix
RHSA-2010:0019: kernel security update (Important)	oval:org.mitre.oval:def:22178	unix
RHSA-2010:0019: kernel security update (Important)	oval:com.redhat.rhsa:def:20100019	unix
RHSA-2010:0020: kernel security update (Important)	oval:com.redhat.rhsa:def:20100020	unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2009-4537

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	OS	Debian	Debian Linux	5.0				Version Details Vulnerabilities
2	OS	Linux	Linux Kernel	2.6.32.3				Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Debian	Debian Linux	1
Linux	Linux Kernel	1

- References For CVE-2009-4537

https://rhn.redhat.com/errata/RHSA-2010-0095.html
REDHAT RHSA-2010:0095

https://exchange.xforce.ibmcloud.com/vulnerabilities/55647
XF kernel-r8169-dos(55647)

https://bugzilla.redhat.com/show_bug.cgi?id=550907 CONFIRM

http://www.vupen.com/english/advisories/2010/1857
VUPEN ADV-2010-1857

http://www.securityfocus.com/bid/37521
BID 37521 Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability Release Date:2010-09-23

http://www.redhat.com/support/errata/RHSA-2010-0041.html
REDHAT RHSA-2010:0041

http://www.redhat.com/support/errata/RHSA-2010-0053.html
REDHAT RHSA-2010:0053

http://www.openwall.com/lists/oss-security/2009/12/28/1
MLIST [oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389

http://www.openwall.com/lists/oss-security/2009/12/29/2
MLIST [oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389

http://www.openwall.com/lists/oss-security/2009/12/31/1
MLIST [oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389

http://www.redhat.com/support/errata/RHSA-2010-0019.html
REDHAT RHSA-2010:0019

http://www.redhat.com/support/errata/RHSA-2010-0020.html
REDHAT RHSA-2010:0020

http://www.redhat.com/support/errata/RHSA-2010-0111.html
REDHAT RHSA-2010:0111

http://securitytracker.com/id?1023419
SECTRACK 1023419

http://marc.info/?t=126202986900002&r=1&w=2 CONFIRM

http://www.debian.org/security/2010/dsa-2053
DEBIAN DSA-2053

http://www.novell.com/linux/security/advisories/2010_23_kernel.html
SUSE SUSE-SA:2010:023

http://twitter.com/dakami/statuses/7104238406

http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/

http://marc.info/?l=linux-netdev&m=126202972828626&w=2
MLIST [linux-netdev] 20091228 [PATCH RFC] r8169: straighten out overlength frame detection

http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
SUSE SUSE-SA:2010:031

http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
FEDORA FEDORA-2010-1787

- Metasploit Modules Related To CVE-2009-4537

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)