Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [month] [year] [list] 
Date: Wed, 03 Jun 2009 10:06:54 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>, Greg KH <greg@...ah.com>
Subject: CVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service

e1000 has an issue in which a partial frame can leak through validation
check on reception. This can lead to an underflow in the length
computation of the frame which will panic the system in question.

This bug was discovered and fixed in e1000-7.5.5 since April 2007, but
was somehow not merged in the upstream kernel...

http://sourceforge.net/project/shownotes.php?release_id=504022&group_id=42302
Notes:
 * fix panic on changing MTU under stress
[...]

References:
http://sourceforge.net/projects/e1000
http://git.kernel.org/linus/ea30e11970a96cfe5e32c03a29332554573b4a10
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1385

Thanks, Eugene

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux