Vulnerability-Lookup

CVE-2009-4536 (GCVE-0-2009-4536)

Vulnerability from cvelistv5 – Published: 2010-01-12 17:00 – Updated: 2024-08-07 07:08

Summary

drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/35265	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/38276	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?t=126203102000001&r=1&w=2	x_refsource_CONFIRM
	http://securitytracker.com/id?1023420	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2010-01…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/38779	third-party-advisoryx_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=552126	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/38296	third-party-advisoryx_refsource_SECUNIA
	http://blog.c22.cc/2009/12/27/26c3-cat-procsysnet…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2010-00…	vendor-advisoryx_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2010-08…	vendor-advisoryx_refsource_REDHAT
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.debian.org/security/2010/dsa-1996	vendor-advisoryx_refsource_DEBIAN
	http://www.redhat.com/support/errata/RHSA-2010-00…	vendor-advisoryx_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2009/12/28/1	mailing-listx_refsource_MLIST
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.securityfocus.com/bid/37519	vdb-entryx_refsource_BID
	http://www.openwall.com/lists/oss-security/2009/12/29/2	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://events.ccc.de/congress/2009/Fahrplan/event…	x_refsource_MISC
	https://rhn.redhat.com/errata/RHSA-2010-0095.html	vendor-advisoryx_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2009/12/31/1	mailing-listx_refsource_MLIST
	http://www.redhat.com/support/errata/RHSA-2010-00…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/38031	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/38610	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.debian.org/security/2010/dsa-2005	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2010-00…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/38492	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:08:37.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35265",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35265"
          },
          {
            "name": "38276",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38276"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://marc.info/?t=126203102000001\u0026r=1\u0026w=2"
          },
          {
            "name": "1023420",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023420"
          },
          {
            "name": "oval:org.mitre.oval:def:13226",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226"
          },
          {
            "name": "SUSE-SA:2010:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html"
          },
          {
            "name": "RHSA-2010:0111",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0111.html"
          },
          {
            "name": "38779",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38779"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552126"
          },
          {
            "name": "oval:org.mitre.oval:def:12440",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440"
          },
          {
            "name": "oval:org.mitre.oval:def:10607",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607"
          },
          {
            "name": "38296",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38296"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/"
          },
          {
            "name": "SUSE-SA:2010:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
          },
          {
            "name": "RHSA-2010:0053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0053.html"
          },
          {
            "name": "SUSE-SA:2010:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
          },
          {
            "name": "RHSA-2010:0882",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
          },
          {
            "name": "kernel-e1000main-security-bypass(55648)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55648"
          },
          {
            "name": "DSA-1996",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-1996"
          },
          {
            "name": "RHSA-2010:0019",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0019.html"
          },
          {
            "name": "[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/12/28/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
          },
          {
            "name": "FEDORA-2010-1787",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html"
          },
          {
            "name": "37519",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37519"
          },
          {
            "name": "[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/12/29/2"
          },
          {
            "name": "SUSE-SA:2010:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html"
          },
          {
            "name": "RHSA-2010:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
          },
          {
            "name": "SUSE-SA:2010:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
          },
          {
            "name": "[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/12/31/1"
          },
          {
            "name": "RHSA-2010:0020",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0020.html"
          },
          {
            "name": "38031",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38031"
          },
          {
            "name": "38610",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38610"
          },
          {
            "name": "oval:org.mitre.oval:def:7453",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453"
          },
          {
            "name": "DSA-2005",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2005"
          },
          {
            "name": "SUSE-SA:2010:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
          },
          {
            "name": "RHSA-2010:0041",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html"
          },
          {
            "name": "38492",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38492"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "35265",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35265"
        },
        {
          "name": "38276",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38276"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://marc.info/?t=126203102000001\u0026r=1\u0026w=2"
        },
        {
          "name": "1023420",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023420"
        },
        {
          "name": "oval:org.mitre.oval:def:13226",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226"
        },
        {
          "name": "SUSE-SA:2010:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html"
        },
        {
          "name": "RHSA-2010:0111",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0111.html"
        },
        {
          "name": "38779",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38779"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552126"
        },
        {
          "name": "oval:org.mitre.oval:def:12440",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440"
        },
        {
          "name": "oval:org.mitre.oval:def:10607",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607"
        },
        {
          "name": "38296",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38296"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/"
        },
        {
          "name": "SUSE-SA:2010:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
        },
        {
          "name": "RHSA-2010:0053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0053.html"
        },
        {
          "name": "SUSE-SA:2010:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
        },
        {
          "name": "RHSA-2010:0882",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
        },
        {
          "name": "kernel-e1000main-security-bypass(55648)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55648"
        },
        {
          "name": "DSA-1996",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-1996"
        },
        {
          "name": "RHSA-2010:0019",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0019.html"
        },
        {
          "name": "[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/12/28/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
        },
        {
          "name": "FEDORA-2010-1787",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html"
        },
        {
          "name": "37519",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37519"
        },
        {
          "name": "[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/12/29/2"
        },
        {
          "name": "SUSE-SA:2010:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html"
        },
        {
          "name": "RHSA-2010:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
        },
        {
          "name": "SUSE-SA:2010:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
        },
        {
          "name": "[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/12/31/1"
        },
        {
          "name": "RHSA-2010:0020",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0020.html"
        },
        {
          "name": "38031",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38031"
        },
        {
          "name": "38610",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38610"
        },
        {
          "name": "oval:org.mitre.oval:def:7453",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453"
        },
        {
          "name": "DSA-2005",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2005"
        },
        {
          "name": "SUSE-SA:2010:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
        },
        {
          "name": "RHSA-2010:0041",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html"
        },
        {
          "name": "38492",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38492"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4536",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35265",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35265"
            },
            {
              "name": "38276",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38276"
            },
            {
              "name": "http://marc.info/?t=126203102000001\u0026r=1\u0026w=2",
              "refsource": "CONFIRM",
              "url": "http://marc.info/?t=126203102000001\u0026r=1\u0026w=2"
            },
            {
              "name": "1023420",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023420"
            },
            {
              "name": "oval:org.mitre.oval:def:13226",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226"
            },
            {
              "name": "SUSE-SA:2010:007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html"
            },
            {
              "name": "RHSA-2010:0111",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0111.html"
            },
            {
              "name": "38779",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38779"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=552126",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552126"
            },
            {
              "name": "oval:org.mitre.oval:def:12440",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440"
            },
            {
              "name": "oval:org.mitre.oval:def:10607",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607"
            },
            {
              "name": "38296",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38296"
            },
            {
              "name": "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/",
              "refsource": "MISC",
              "url": "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/"
            },
            {
              "name": "SUSE-SA:2010:012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
            },
            {
              "name": "RHSA-2010:0053",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0053.html"
            },
            {
              "name": "SUSE-SA:2010:014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
            },
            {
              "name": "RHSA-2010:0882",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
            },
            {
              "name": "kernel-e1000main-security-bypass(55648)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55648"
            },
            {
              "name": "DSA-1996",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-1996"
            },
            {
              "name": "RHSA-2010:0019",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0019.html"
            },
            {
              "name": "[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/12/28/1"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
            },
            {
              "name": "FEDORA-2010-1787",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html"
            },
            {
              "name": "37519",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37519"
            },
            {
              "name": "[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/12/29/2"
            },
            {
              "name": "SUSE-SA:2010:013",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
            },
            {
              "name": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html",
              "refsource": "MISC",
              "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html"
            },
            {
              "name": "RHSA-2010:0095",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
            },
            {
              "name": "SUSE-SA:2010:005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
            },
            {
              "name": "[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/12/31/1"
            },
            {
              "name": "RHSA-2010:0020",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0020.html"
            },
            {
              "name": "38031",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38031"
            },
            {
              "name": "38610",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38610"
            },
            {
              "name": "oval:org.mitre.oval:def:7453",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453"
            },
            {
              "name": "DSA-2005",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-2005"
            },
            {
              "name": "SUSE-SA:2010:010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
            },
            {
              "name": "RHSA-2010:0041",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html"
            },
            {
              "name": "38492",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38492"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4536",
    "datePublished": "2010-01-12T17:00:00.000Z",
    "dateReserved": "2009-12-31T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:08:37.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-F8HP-66PW-JMC7

Vulnerability from github – Published: 2022-05-02 03:55 – Updated: 2025-04-09 04:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-4536"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-01-12T17:30:00Z",
    "severity": "HIGH"
  },
  "details": "drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.",
  "id": "GHSA-f8hp-66pw-jmc7",
  "modified": "2025-04-09T04:18:04Z",
  "published": "2022-05-02T03:55:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4536"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552126"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55648"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    },
    {
      "type": "WEB",
      "url": "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups"
    },
    {
      "type": "WEB",
      "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?t=126203102000001\u0026r=1\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35265"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38031"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38276"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38296"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38492"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38610"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38779"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023420"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-1996"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-2005"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/12/28/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/12/29/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/12/31/1"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0019.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0020.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0053.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0111.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37519"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-4536

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-4536

Aliases

CVE-2009-4536

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-4536",
    "description": "drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.",
    "id": "GSD-2009-4536",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-4536.html",
      "https://www.debian.org/security/2010/dsa-2005",
      "https://www.debian.org/security/2010/dsa-2003",
      "https://www.debian.org/security/2010/dsa-1996",
      "https://access.redhat.com/errata/RHSA-2010:0882",
      "https://access.redhat.com/errata/RHSA-2010:0111",
      "https://access.redhat.com/errata/RHSA-2010:0095",
      "https://access.redhat.com/errata/RHSA-2010:0079",
      "https://access.redhat.com/errata/RHSA-2010:0053",
      "https://access.redhat.com/errata/RHSA-2010:0041",
      "https://access.redhat.com/errata/RHSA-2010:0020",
      "https://access.redhat.com/errata/RHSA-2010:0019",
      "https://linux.oracle.com/cve/CVE-2009-4536.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-4536"
      ],
      "details": "drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.",
      "id": "GSD-2009-4536",
      "modified": "2023-12-13T01:19:45.811497Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-4536",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "35265",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35265"
          },
          {
            "name": "38276",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38276"
          },
          {
            "name": "http://marc.info/?t=126203102000001\u0026r=1\u0026w=2",
            "refsource": "CONFIRM",
            "url": "http://marc.info/?t=126203102000001\u0026r=1\u0026w=2"
          },
          {
            "name": "1023420",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023420"
          },
          {
            "name": "oval:org.mitre.oval:def:13226",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226"
          },
          {
            "name": "SUSE-SA:2010:007",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html"
          },
          {
            "name": "RHSA-2010:0111",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0111.html"
          },
          {
            "name": "38779",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38779"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=552126",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552126"
          },
          {
            "name": "oval:org.mitre.oval:def:12440",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440"
          },
          {
            "name": "oval:org.mitre.oval:def:10607",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607"
          },
          {
            "name": "38296",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38296"
          },
          {
            "name": "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/",
            "refsource": "MISC",
            "url": "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/"
          },
          {
            "name": "SUSE-SA:2010:012",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
          },
          {
            "name": "RHSA-2010:0053",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0053.html"
          },
          {
            "name": "SUSE-SA:2010:014",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
          },
          {
            "name": "RHSA-2010:0882",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
          },
          {
            "name": "kernel-e1000main-security-bypass(55648)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55648"
          },
          {
            "name": "DSA-1996",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2010/dsa-1996"
          },
          {
            "name": "RHSA-2010:0019",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0019.html"
          },
          {
            "name": "[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2009/12/28/1"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
          },
          {
            "name": "FEDORA-2010-1787",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html"
          },
          {
            "name": "37519",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/37519"
          },
          {
            "name": "[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2009/12/29/2"
          },
          {
            "name": "SUSE-SA:2010:013",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
          },
          {
            "name": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html",
            "refsource": "MISC",
            "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html"
          },
          {
            "name": "RHSA-2010:0095",
            "refsource": "REDHAT",
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
          },
          {
            "name": "SUSE-SA:2010:005",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
          },
          {
            "name": "[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2009/12/31/1"
          },
          {
            "name": "RHSA-2010:0020",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0020.html"
          },
          {
            "name": "38031",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38031"
          },
          {
            "name": "38610",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38610"
          },
          {
            "name": "oval:org.mitre.oval:def:7453",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453"
          },
          {
            "name": "DSA-2005",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2010/dsa-2005"
          },
          {
            "name": "SUSE-SA:2010:010",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
          },
          {
            "name": "RHSA-2010:0041",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html"
          },
          {
            "name": "38492",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38492"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.6.32.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4536"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38031",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/38031"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=552126",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552126"
            },
            {
              "name": "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/"
            },
            {
              "name": "35265",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/35265"
            },
            {
              "name": "37519",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/37519"
            },
            {
              "name": "[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/12/29/2"
            },
            {
              "name": "RHSA-2010:0020",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0020.html"
            },
            {
              "name": "RHSA-2010:0019",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0019.html"
            },
            {
              "name": "1023420",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1023420"
            },
            {
              "name": "http://marc.info/?t=126203102000001\u0026r=1\u0026w=2",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://marc.info/?t=126203102000001\u0026r=1\u0026w=2"
            },
            {
              "name": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html"
            },
            {
              "name": "[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/12/31/1"
            },
            {
              "name": "[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/12/28/1"
            },
            {
              "name": "RHSA-2010:0041",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html"
            },
            {
              "name": "RHSA-2010:0095",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
            },
            {
              "name": "RHSA-2010:0111",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0111.html"
            },
            {
              "name": "SUSE-SA:2010:013",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
            },
            {
              "name": "SUSE-SA:2010:012",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
            },
            {
              "name": "SUSE-SA:2010:010",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
            },
            {
              "name": "DSA-1996",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2010/dsa-1996"
            },
            {
              "name": "FEDORA-2010-1787",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html"
            },
            {
              "name": "38492",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/38492"
            },
            {
              "name": "38276",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/38276"
            },
            {
              "name": "SUSE-SA:2010:005",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
            },
            {
              "name": "SUSE-SA:2010:007",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html"
            },
            {
              "name": "38296",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/38296"
            },
            {
              "name": "DSA-2005",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2010/dsa-2005"
            },
            {
              "name": "RHSA-2010:0053",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0053.html"
            },
            {
              "name": "38610",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/38610"
            },
            {
              "name": "SUSE-SA:2010:014",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
            },
            {
              "name": "38779",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/38779"
            },
            {
              "name": "RHSA-2010:0882",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
            },
            {
              "name": "kernel-e1000main-security-bypass(55648)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55648"
            },
            {
              "name": "oval:org.mitre.oval:def:7453",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453"
            },
            {
              "name": "oval:org.mitre.oval:def:13226",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226"
            },
            {
              "name": "oval:org.mitre.oval:def:12440",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440"
            },
            {
              "name": "oval:org.mitre.oval:def:10607",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-11-16T15:51Z",
      "publishedDate": "2010-01-12T17:30Z"
    }
  }
}

CERTA-2011-AVI-330

Vulnerability from certfr_avis - Published: 2011-06-06 - Updated: 2011-06-06

De nombreuses vulnérabilités ont été corrigées dans les produits VMWare, dont certaines peuvent permettre l'exécution de code arbitraire à distance.

Description

De nombreuses vulnérabilités ont été corrigées dans les produits VMWare :

une vulnérabilité dans le pilote pour les cartes Intel PRO/1000 sous Linux, qui peut être exploitée pour contourner les filtres réseaux ;
plusieurs vulnérabilités dans des composants tiers du serveur ESX permettent à un utilisateur local malveillant d'élever ses privilèges, à un attaquant sous certaines conditions d'exécuter du code arbitraire à distance, et à un attaquant de créer des dénis de service localement ou à distance ;
plusieurs vulnérabilités dans le système de fichiers Host Guest (HGFS) pour les systèmes Unix peuvent être exploitées par un attaquant dans la machine cliente pour obtenir des informations sur l'existence de fichiers sur la machine hôte, et pour élever ses privilèges (notamment par un accès concurrentiel type "Race Condition" en montant un répertoire) ;
une vulnérabilité dans les contrôles ActiveX du client VI permet à un attaquant d'exécuter du code arbitraire à distance à l'aide d'un site Web spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMWare Workstation versions 7.1.3 et antérieures ;
VMware	N/A	VMWare Player versions 3.1.3 et antérieures ;
VMware	ESXi	ESXi 3.5 sans les correctifs ESXe350-201105401-SG et ESXe350-201105402-T-SG ;
VMware	ESXi	ESXi 4.0 sans le correctif ESX400-201104401-BG ;
VMware	Fusion	VMWare Fusion versions 3.1.2 et antérieures ;
VMware	ESXi	ESXi 4.1 sans le correctif ESX410-201104401-BG ;
VMware	ESXi	ESXi 4.0 sans le correctif ESXi400-201104402-BG ;
VMware	ESXi	ESXi 4.1 sans le correctif ESXi410-201104402-BG ;
VMware	ESXi	ESXi 3.5 sans les correctifs ESX350-201105401-SG, ESXe350-201105404-SG et ESXe350-201105406-SG ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2011-0009 du 06 juin 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMWare Workstation versions 7.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare Player versions 3.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 3.5 sans les correctifs ESXe350-201105401-SG et ESXe350-201105402-T-SG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.0 sans le correctif ESX400-201104401-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare Fusion versions 3.1.2 et ant\u00e9rieures ;",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.1 sans le correctif ESX410-201104401-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.0 sans le correctif ESXi400-201104402-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.1 sans le correctif ESXi410-201104402-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 3.5 sans les correctifs ESX350-201105401-SG, ESXe350-201105404-SG et ESXe350-201105406-SG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMWare\n:\n\n-   une vuln\u00e9rabilit\u00e9 dans le pilote pour les cartes Intel PRO/1000 sous\n    Linux, qui peut \u00eatre exploit\u00e9e pour contourner les filtres r\u00e9seaux ;\n-   plusieurs vuln\u00e9rabilit\u00e9s dans des composants tiers du serveur ESX\n    permettent \u00e0 un utilisateur local malveillant d\u0027\u00e9lever ses\n    privil\u00e8ges, \u00e0 un attaquant sous certaines conditions d\u0027ex\u00e9cuter du\n    code arbitraire \u00e0 distance, et \u00e0 un attaquant de cr\u00e9er des d\u00e9nis de\n    service localement ou \u00e0 distance ;\n-   plusieurs vuln\u00e9rabilit\u00e9s dans le syst\u00e8me de fichiers Host Guest\n    (HGFS) pour les syst\u00e8mes Unix peuvent \u00eatre exploit\u00e9es par un\n    attaquant dans la machine cliente pour obtenir des informations sur\n    l\u0027existence de fichiers sur la machine h\u00f4te, et pour \u00e9lever ses\n    privil\u00e8ges (notamment par un acc\u00e8s concurrentiel type \"Race\n    Condition\" en montant un r\u00e9pertoire) ;\n-   une vuln\u00e9rabilit\u00e9 dans les contr\u00f4les ActiveX du client VI permet \u00e0\n    un attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance \u00e0 l\u0027aide d\u0027un\n    site Web sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-2240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2240"
    },
    {
      "name": "CVE-2011-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1787"
    },
    {
      "name": "CVE-2011-2145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2145"
    },
    {
      "name": "CVE-2009-3080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3080"
    },
    {
      "name": "CVE-2011-2217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2217"
    },
    {
      "name": "CVE-2009-4536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4536"
    },
    {
      "name": "CVE-2010-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1188"
    },
    {
      "name": "CVE-2011-2146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2146"
    }
  ],
  "initial_release_date": "2011-06-06T00:00:00",
  "last_revision_date": "2011-06-06T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-330",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMWare,\ndont certaines peuvent permettre l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMWare",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2011-0009 du 06 juin 2011",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    }
  ]
}

CERTA-2010-AVI-018

Vulnerability from certfr_avis - Published: 2010-01-14 - Updated: 2010-01-14

De multiples vulnérabilités dans le noyau Red Hat Linux permettent à un utilisateur d'effectuer un déni de service à distance.

Description

De multiples vulnérabilités dans le noyau Red Hat Linux permettent à un utilisateur d'effectuer un déni de service à distance.

Les composants du noyau affectés sont :

gestion de l'entête d'extension IPV6 ;
les pilotes e1000 et e1000e ;
le pilote Realtek r8169.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux Desktop (v. 5 client);
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux EUS (v. 5.4.z serveur).
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux (v. 5 serveur);

References

Title

Publication Time

Tags

Bulletin de sécurité Red Hat RHSA-2010:0019-1	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2010:0019 du 07 janvier 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Red Hat Enterprise Linux Desktop (v. 5 client);",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux EUS (v. 5.4.z serveur).",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux (v. 5 serveur);",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans le noyau Red Hat Linux permettent \u00e0 un\nutilisateur d\u0027effectuer un d\u00e9ni de service \u00e0 distance.\n\nLes composants du noyau affect\u00e9s sont :\n\n-   gestion de l\u0027ent\u00eate d\u0027extension IPV6 ;\n-   les pilotes e1000 et e1000e ;\n-   le pilote Realtek r8169.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-4567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4567"
    },
    {
      "name": "CVE-2009-4536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4536"
    },
    {
      "name": "CVE-2009-4537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4537"
    },
    {
      "name": "CVE-2009-4538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4538"
    }
  ],
  "initial_release_date": "2010-01-14T00:00:00",
  "last_revision_date": "2010-01-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2010:0019 du 07 janvier    2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0019.html"
    }
  ],
  "reference": "CERTA-2010-AVI-018",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-01-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans le noyau Red Hat Linux permettent \u00e0 un\nutilisateur d\u0027effectuer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Red Hat Linux",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2010:0019-1",
      "url": null
    }
  ]
}

FKIE_CVE-2009-4536

Vulnerability from fkie_nvd - Published: 2010-01-12 17:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/	Third Party Advisory
cve@mitre.org	http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html	Third Party Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html	Mailing List, Third Party Advisory
cve@mitre.org	http://marc.info/?t=126203102000001&r=1&w=2	Mailing List, Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/35265	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/38031	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/38276	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/38296	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/38492	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/38610	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/38779	Third Party Advisory
cve@mitre.org	http://securitytracker.com/id?1023420	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.debian.org/security/2010/dsa-1996	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2010/dsa-2005	Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2009/12/28/1	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2009/12/29/2	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2009/12/31/1	Mailing List, Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2010-0019.html	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2010-0020.html	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2010-0041.html	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2010-0053.html	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2010-0111.html	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2010-0882.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/37519	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2011-0009.html	Third Party Advisory
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=552126	Issue Tracking, Third Party Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/55648	Third Party Advisory, VDB Entry
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607	Third Party Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440	Third Party Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226	Third Party Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453	Third Party Advisory
cve@mitre.org	https://rhn.redhat.com/errata/RHSA-2010-0095.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?t=126203102000001&r=1&w=2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35265	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38031	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38276	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38296	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38492	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38610	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38779	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023420	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-1996	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2005	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2009/12/28/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2009/12/29/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2009/12/31/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0019.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0020.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0041.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0053.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0111.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0882.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37519	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2011-0009.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=552126	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/55648	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2010-0095.html	Third Party Advisory

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
debian	debian_linux	4.0
debian	debian_linux	5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B96A7A6C-B8C0-4BAD-B1C1-779C58012EA0",
              "versionEndIncluding": "2.6.32.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385."
    },
    {
      "lang": "es",
      "value": "drivers/net/e1000/e1000_main.c en el driver e1000 en el kernel de Linux v2.6.32.3 y anteriores gestiona tramas Ethernet que exceden el MTU procesando con retraso datos como si fuesen tramas completas, lo que permite a atacantes remotos evitar los filtros de paquete con un payload manipulado. NOTA: Esta vulnerabilidad existe debido a un arregle incorrecto de CVE-2009-1385."
    }
  ],
  "id": "CVE-2009-4536",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-12T17:30:00.697",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?t=126203102000001\u0026r=1\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35265"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38031"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38276"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38296"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38492"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38610"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38779"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1023420"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-1996"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2005"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/12/28/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/12/29/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/12/31/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0019.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0053.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0111.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/37519"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552126"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55648"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?t=126203102000001\u0026r=1\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38610"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1023420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-1996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/12/28/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/12/29/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/12/31/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0111.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/37519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-4536 (GCVE-0-2009-4536)

GHSA-F8HP-66PW-JMC7

GSD-2009-4536

CERTA-2011-AVI-330

Description

Solution

CERTA-2010-AVI-018

Description

Solution

FKIE_CVE-2009-4536

Tags

Sightings

Nomenclature