CVE-2009-4538

Name: CVE-2009-4538
Description: drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-1996-1, DSA-2005-1
NVD severity: high (attack range: remote)
Debian Bugs: 564114
Debian/oldstable: not vulnerable.
Debian/stable: not known to be vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| linux-2.6 (PTS) | squeeze (security), squeeze | 2.6.32-48squeeze6 | fixed |
| linux-2.6 | squeeze (lts) | 2.6.32-48squeeze11 | fixed |

The information below is based on the following data on fixed versions.

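| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| linux-2.6 | source | (unstable) | 2.6.32-6 | low | | 564114 |
| linux-2.6 | source | etch | (not affected) | | | |
| linux-2.6 | source | lenny | 2.6.26-21lenny3 | high | DSA-1996-1 | |
| linux-2.6.24 | source | (unstable) | (unfixed) | low | | |
| linux-2.6.24 | source | etch | 2.6.24-6~etchnhalf.9etch3 | high | DSA-2005-1 | |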

Notes

[etch] - linux-2.6 <not-affected> (does not have e1000e driver)
just like CVE-2009-4536 but was reported later
