Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability alert CVE-2009-1389

Linux kernel: denial of service via rtl8169

Synthesis of the vulnerability

An attacker can send a long packet in order to stop systems with the rtl8169 driver.
Severity: 2/4.
Creation date: 10/06/2009.

Impacted products

Description of the vulnerability

The rtl8169 driver implements the support of network adapters of the Realtek RTL81xx suite. These adapters can receive Ethernet frames with a size of 16383 bytes (jumbo frames).

However, the rtl8169 driver only supports 1500 bytes. Longer frames generate an overflow.

An attacker located on a network supporting jumbo frames can therefore send a long frame in order to generate a denial of service, and possibly to execute code.

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter Yahoo 

Complete Vigil@nce bulletin

Linux kernel: denial of service via rtl8169

Characteristics

Title: Linux kernel: denial of service via rtl8169.
Keywords: 1500 16383 Ethernet Linux RTL81xx Realtek denial kernel rtl8169 service.
Identifiers: BID-35281, CERTA-2010-AVI-031, CTX123192, CTX123453, CTX123673, CVE-2009-1389, DSA 1844-1, DSA 1865-1, FEDORA-2009-6768, FEDORA-2009-6846, FEDORA-2009-6883, MDVSA-2009:148, openSUSE-SU-2010:0664-1, RHSA-2009:1157-01, RHSA-2009:1193-01, RHSA-2009:1211-01, RHSA-2009:1457-01, RHSA-2009:1469-01, SUSE-SA:2009:038, SUSE-SA:2009:045, SUSE-SA:2010:031, SUSE-SA:2010:036, SUSE-SA:2010:046, SUSE-SU-2011:0928-1, VIGILANCE-VUL-8786, VMSA-2009-0016, VMSA-2009-0016.1, VMSA-2009-0016.2, VMSA-2009-0016.3, VMSA-2009-0016.4, VMSA-2009-0016.5.

Information sources

Publications and announces
Source example: r8169: fix crash when large packets are received

Solutions for this vulnerability

Patch or workaround

Supplements

Attack

Exploit 0day or proof of concept

Computer vulnerabilities tracking service

Vigil@nce provides computers vulnerabilities announces. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.



















Copyright 1999-2012 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française