CERT-In Vulnerability Note CIVN-2009-68
Linux Kernel Remote Denial of Service Vulnerability

Original Issue Date: June 09, 2009

Severity Rating: Medium

System Affected

  • Linux kernel versions prior to 2.6.30-rc8

Overview

A vulnerability has been reported in the Linux kernel that can be exploited remotely to cause a denial of service (DoS).

Description

This vulnerability is caused by an integer underflow error in the "e1000_clean_rx_irq()" function in drivers/net/e1000/e1000_main.c. It can be exploited to cause a denial of service (kernel panic) via specially crafted network packets sent to an affected system.
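
The following is an added illustration, not code from this advisory or from the e1000 driver: a simplified model of this class of receive-length underflow, assuming an unsigned length from which a fixed 4-byte trailer is stripped. The function names, TRAILER_LEN, RX_BUF_SIZE and the sample lengths are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define TRAILER_LEN 4u     /* assumed: bytes stripped from every reported length */
#define RX_BUF_SIZE 2048u  /* assumed: capacity of one receive buffer */

/* Unchecked form: strips the trailer without inspecting the value.
 * For reported_len < TRAILER_LEN the unsigned subtraction wraps to a
 * value close to 4 GiB, which a later copy would treat as valid. */
static uint32_t payload_len_unchecked(uint32_t reported_len)
{
    return reported_len - TRAILER_LEN;
}

/* Checked form: returns 0 and stores the payload length on success,
 * or -1 when the frame has to be dropped. */
static int payload_len_checked(uint32_t reported_len, uint32_t *out)
{
    if (reported_len <= TRAILER_LEN)               /* nothing left after the strip */
        return -1;
    if (reported_len - TRAILER_LEN > RX_BUF_SIZE)  /* would overrun the buffer */
        return -1;
    *out = reported_len - TRAILER_LEN;
    return 0;
}

int main(void)
{
    /* Constructed sample lengths, not captured from real hardware. */
    const uint32_t samples[] = { 64, 5, 4, 2, 0 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t len = 0;
        int rc = payload_len_checked(samples[i], &len);

        printf("reported=%-3u unchecked=%-10u checked=",
               (unsigned)samples[i],
               (unsigned)payload_len_unchecked(samples[i]));
        if (rc == 0)
            printf("%u\n", (unsigned)len);
        else
            printf("drop\n");
    }
    return 0;
}
```

The unchecked column shows the wrapped value for the short lengths, while the checked form drops those frames before any length reaches a copy routine.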

Solution

Fixed in the GIT repository.
http://git.kernel.org/linus/ea30e11970a96cfe5e32c03a29332554573b4a10

Vendor Information

kernel.org
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc8

References

kernel.org
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc8

bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=502981

SecurityFocus
http://www.securityfocus.com/bid/35185/

Secunia
http://secunia.com/advisories/35265/

CVE Name
CVE-2009-1385

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003