cvelistv5 - cve-2009-3613

CVE-2009-3613 (GCVE-0-2009-3613)

Vulnerability from cvelistv5

Published

2009-10-19 19:27

Modified

2024-08-07 06:31

Severity ?

CWE

Summary

The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.

References

URL

Tags

	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10209	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2009-1671.html	vendor-advisory, x_refsource_REDHAT
	http://marc.info/?l=oss-security&m=125561712529352&w=2	mailing-list, x_refsource_MLIST
	https://rhn.redhat.com/errata/RHSA-2009-1540.html	vendor-advisory, x_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7377	vdb-entry, signature, x_refsource_OVAL
	http://www.ubuntu.com/usn/usn-864-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/38794	third-party-advisory, x_refsource_SECUNIA
	http://lists.vmware.com/pipermail/security-announce/2010/000082.html	mailing-list, x_refsource_MLIST
	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97d477a914b146e7e6722ded21afa79886ae8ccd	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=529137	x_refsource_CONFIRM
	http://secunia.com/advisories/37909	third-party-advisory, x_refsource_SECUNIA
	http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.22	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	https://rhn.redhat.com/errata/RHSA-2009-1548.html	vendor-advisory, x_refsource_REDHAT
	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a866bbf6aacf95f849810079442a20be118ce905	x_refsource_CONFIRM
	http://secunia.com/advisories/38834	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/36706	vdb-entry, x_refsource_BID
	http://bugzilla.kernel.org/show_bug.cgi?id=9468	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0528	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:10209",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10209"
          },
          {
            "name": "RHSA-2009:1671",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1671.html"
          },
          {
            "name": "[oss-security] 20091015 Re: CVE request kernel: flood ping cause",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125561712529352\u0026w=2"
          },
          {
            "name": "RHSA-2009:1540",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7377",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7377"
          },
          {
            "name": "USN-864-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-864-1"
          },
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97d477a914b146e7e6722ded21afa79886ae8ccd"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=529137"
          },
          {
            "name": "37909",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37909"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.22"
          },
          {
            "name": "SUSE-SA:2009:064",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
          },
          {
            "name": "RHSA-2009:1548",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a866bbf6aacf95f849810079442a20be118ce905"
          },
          {
            "name": "38834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "36706",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36706"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.kernel.org/show_bug.cgi?id=9468"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:10209",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10209"
        },
        {
          "name": "RHSA-2009:1671",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1671.html"
        },
        {
          "name": "[oss-security] 20091015 Re: CVE request kernel: flood ping cause",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125561712529352\u0026w=2"
        },
        {
          "name": "RHSA-2009:1540",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7377",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7377"
        },
        {
          "name": "USN-864-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-864-1"
        },
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97d477a914b146e7e6722ded21afa79886ae8ccd"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=529137"
        },
        {
          "name": "37909",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37909"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.22"
        },
        {
          "name": "SUSE-SA:2009:064",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
        },
        {
          "name": "RHSA-2009:1548",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a866bbf6aacf95f849810079442a20be118ce905"
        },
        {
          "name": "38834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38834"
        },
        {
          "name": "36706",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36706"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.kernel.org/show_bug.cgi?id=9468"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-3613",
    "datePublished": "2009-10-19T19:27:00.000Z",
    "dateReserved": "2009-10-09T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:31:10.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-106

Vulnerability from certfr_avis

Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système ou d'entraver son bon fonctionnement.

Description

Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware vMA 4.0 sans le patch 3.
VMware	N/A	VMware ESX 3.0.3 ;
VMware	N/A	VMware ESX 3.5 ;
VMware	N/A	VMware ESX 2.5.5 ;
VMware	N/A	VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 03 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware vMA 4.0 sans le patch 3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 3.0.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 2.5.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
    },
    {
      "name": "CVE-2009-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1387"
    },
    {
      "name": "CVE-2009-3560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
    },
    {
      "name": "CVE-2009-2849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2849"
    },
    {
      "name": "CVE-2009-3916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3916"
    },
    {
      "name": "CVE-2009-0115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
    },
    {
      "name": "CVE-2009-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
    },
    {
      "name": "CVE-2009-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3613"
    },
    {
      "name": "CVE-2009-4022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4022"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2009-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3620"
    },
    {
      "name": "CVE-2009-1189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
    },
    {
      "name": "CVE-2009-3228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3228"
    },
    {
      "name": "CVE-2009-3547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3547"
    },
    {
      "name": "CVE-2009-2695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2695"
    },
    {
      "name": "CVE-2008-4316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4316"
    },
    {
      "name": "CVE-2009-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
    },
    {
      "name": "CVE-2008-3916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3916"
    },
    {
      "name": "CVE-2009-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1386"
    },
    {
      "name": "CVE-2009-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2009-3286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3286"
    },
    {
      "name": "CVE-2008-4552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4552"
    },
    {
      "name": "CVE-2009-3612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3612"
    },
    {
      "name": "CVE-2009-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3621"
    },
    {
      "name": "CVE-2009-3720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
    },
    {
      "name": "CVE-2009-2904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2904"
    },
    {
      "name": "CVE-2009-2908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2908"
    },
    {
      "name": "CVE-2009-3726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3726"
    }
  ],
  "initial_release_date": "2010-03-04T00:00:00",
  "last_revision_date": "2010-03-04T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-106",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me ou d\u0027entraver son bon fonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 03 mars 2010",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-3613 (GCVE-0-2009-3613)

Vulnerability from cvelistv5

CERTA-2010-AVI-106

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature