Vulnerabilidad en RTL8169 NIC (driversnetr8169.c) en el kernel de Linux (CVE-2009-1389)
Gravedad CVSS v2.0:
ALTA
Tipo:
CWE-119
Restricción de operaciones inapropiada dentro de los límites del búfer de la memoria
Fecha de publicación:
16/06/2009
Última modificación:
09/04/2025
Descripción
Desbordamiento de memoria en el driver RTL8169 NIC (drivers/net/r8169.c) en el kernel de Linux anteriores a v2.6.30 permite a atacantes remotos producir una denegación de servicio (consumo de memoria del kernel y caída) a través de un paquete largo.
Impacto
Puntuación base 2.0
7.80
Gravedad 2.0
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:linux:kernel:2.6.24.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:linux:kernel:2.6.25.15:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.2.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.0:*:64-bit_x86:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.0:*:itanium_ia64_montecito:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.0:test1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.0:test10:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.0:test11:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.0:test2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.0:test3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.0:test4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.0:test5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.0:test6:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba%3Dcommitdiff%3Bh%3Dfdd7b4c3302c93f6833e338903ea77245eb510b4
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
- http://lkml.org/lkml/2009/6/8/194
- http://marc.info/?l=linux-netdev&m=123462461713724&w=2
- http://secunia.com/advisories/35265
- http://secunia.com/advisories/35566
- http://secunia.com/advisories/35847
- http://secunia.com/advisories/36045
- http://secunia.com/advisories/36051
- http://secunia.com/advisories/36131
- http://secunia.com/advisories/36327
- http://secunia.com/advisories/37298
- http://secunia.com/advisories/37471
- http://secunia.com/advisories/40645
- http://support.avaya.com/css/P8/documents/100067254
- http://support.citrix.com/article/CTX123453
- http://wiki.rpath.com/Advisories:rPSA-2009-0111
- http://www.debian.org/security/2009/dsa-1844
- http://www.debian.org/security/2009/dsa-1865
- http://www.mandriva.com/security/advisories?name=MDVSA-2009%3A148
- http://www.openwall.com/lists/oss-security/2009/06/10/1
- http://www.redhat.com/support/errata/RHSA-2009-1157.html
- http://www.redhat.com/support/errata/RHSA-2009-1193.html
- http://www.securityfocus.com/archive/1/505254/100/0/threaded
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.securityfocus.com/bid/35281
- http://www.securitytracker.com/id?1023507=
- http://www.ubuntu.com/usn/usn-807-1
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://www.vupen.com/english/advisories/2009/3316
- http://www.vupen.com/english/advisories/2010/0219
- http://www.vupen.com/english/advisories/2010/1857
- https://bugzilla.redhat.com/show_bug.cgi?id=504726
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51051
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10415
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8108
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01048.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01094.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01193.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba%3Dcommitdiff%3Bh%3Dfdd7b4c3302c93f6833e338903ea77245eb510b4
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
- http://lkml.org/lkml/2009/6/8/194
- http://marc.info/?l=linux-netdev&m=123462461713724&w=2
- http://secunia.com/advisories/35265
- http://secunia.com/advisories/35566
- http://secunia.com/advisories/35847
- http://secunia.com/advisories/36045
- http://secunia.com/advisories/36051
- http://secunia.com/advisories/36131
- http://secunia.com/advisories/36327
- http://secunia.com/advisories/37298
- http://secunia.com/advisories/37471
- http://secunia.com/advisories/40645
- http://support.avaya.com/css/P8/documents/100067254
- http://support.citrix.com/article/CTX123453
- http://wiki.rpath.com/Advisories:rPSA-2009-0111
- http://www.debian.org/security/2009/dsa-1844
- http://www.debian.org/security/2009/dsa-1865
- http://www.mandriva.com/security/advisories?name=MDVSA-2009%3A148
- http://www.openwall.com/lists/oss-security/2009/06/10/1
- http://www.redhat.com/support/errata/RHSA-2009-1157.html
- http://www.redhat.com/support/errata/RHSA-2009-1193.html
- http://www.securityfocus.com/archive/1/505254/100/0/threaded
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.securityfocus.com/bid/35281
- http://www.securitytracker.com/id?1023507=
- http://www.ubuntu.com/usn/usn-807-1
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://www.vupen.com/english/advisories/2009/3316
- http://www.vupen.com/english/advisories/2010/0219
- http://www.vupen.com/english/advisories/2010/1857
- https://bugzilla.redhat.com/show_bug.cgi?id=504726
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51051
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10415
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8108
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01048.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01094.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01193.html