| Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability CVE-2009-2136
Solaris: denial of service via Gigabit Ethernet IPv4
Synthesis of the vulnerability
| A LAN attacker can send a Gigabit Ethernet frame in order to stop the system. |
Severity: 2/4.
Consequences: data flow.
Provenance: LAN.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Creation date: 19/06/2009.
|
Impacted products
Description of the vulnerability
The "ce" driver implements the support of Cassini Gigabit Ethernet network adapters. These adapters can receive jumbo Ethernet frames.
The IPv4 checksum is computed by the system or by the adapter.
An attacker can send a jumbo frame, where the data size is smaller than the frame size. The system then has to recompute the checksum because the "len" (length) field was updated in the packet. However, if the checksum was computed by the adapter, an error occurs in the ip_ocsum_long() assembler function when the system recomputes the checksum.
An attacker located on a network supporting jumbo frames can therefore send an invalid frame in order to generate a denial of service.
This vulnerability is similar to VIGILANCE-VUL-9004. |
Characteristics
Title: Solaris: denial of service via Gigabit Ethernet IPv4
Identifiers: 257008, 6803523, BID-35439, CVE-2009-2136, VIGILANCE-VUL-8810.
Pointed by: VIGILANCE-VUL-9004.
Url: https://vigilance.fr/tree/1/8810
|
Information sources
Solutions for this vulnerability
|