Home > Vulnerability Database > CVE-2009-4537

Mend.io Vulnerability Database

CVE-2009-4537

Date: January 12, 2010

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

Severity Score

7.5

Related Resources (34)

Url: http://secunia.com/advisories/39742

Url: http://www.openwall.com/lists/oss-security/2009/12/31/1

Url: http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/

Url: http://secunia.com/advisories/38610

Url: http://www.redhat.com/support/errata/RHSA-2010-0020.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2009-4537

Url: http://www.openwall.com/lists/oss-security/2009/12/28/1

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439

Url: http://www.redhat.com/support/errata/RHSA-2010-0111.html

Url: http://www.openwall.com/lists/oss-security/2009/12/29/2

Url: http://www.redhat.com/support/errata/RHSA-2010-0053.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/55647

Url: http://marc.info/?t=126202986900002&r=1&w=2

Url: http://www.novell.com/linux/security/advisories/2010_23_kernel.html

Url: http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html

Url: http://www.redhat.com/support/errata/RHSA-2010-0041.html

Url: http://www.redhat.com/support/errata/RHSA-2010-0019.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html

Url: http://secunia.com/advisories/39830

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-4537

Url: http://www.vupen.com/english/advisories/2010/1857

Url: http://twitter.com/dakami/statuses/7104238406

Url: https://bugzilla.redhat.com/show_bug.cgi?id=550907

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443

Url: https://access.redhat.com/security/cve/CVE-2009-4537

Url: http://www.securityfocus.com/bid/37521

Url: http://www.debian.org/security/2010/dsa-2053

Url: https://rhn.redhat.com/errata/RHSA-2010-0095.html

Url: http://secunia.com/advisories/38031

Url: http://securitytracker.com/id?1023419

Url: http://marc.info/?l=linux-netdev&m=126202972828626&w=2

Url: http://secunia.com/advisories/40645

Url: http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html

Url: https://www.mend.io/vulnerability-database/CVE-2009-4537

Severity Score

7.5

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	7.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-4537

Date: January 12, 2010

Severity Score

Related Resources (34)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?