CVE-2009-1298

EPSS 2.32%
Published 08.12.2009 23:30:00
Last modified 09.04.2025 00:30:58
Source security@ubuntu.com
Teams watchlist Login
Open Login

The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly related to the ip_defrag function.

Affected products Warnungen 0 Metrics 2 CWE 1 References 18

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Updaterc8 Version <= 2.6.32

Linux ≫ Linux Kernel Version2.6.28

Linux ≫ Linux Kernel Version2.6.28 Updaterc1

Linux ≫ Linux Kernel Version2.6.28 Updaterc2

Linux ≫ Linux Kernel Version2.6.28 Updaterc3

Linux ≫ Linux Kernel Version2.6.28 Updaterc4

Linux ≫ Linux Kernel Version2.6.28 Updaterc5

Linux ≫ Linux Kernel Version2.6.28 Updaterc6

Linux ≫ Linux Kernel Version2.6.28 Updaterc7

Linux ≫ Linux Kernel Version2.6.28.1

Linux ≫ Linux Kernel Version2.6.28.2

Linux ≫ Linux Kernel Version2.6.28.3

Linux ≫ Linux Kernel Version2.6.28.4

Linux ≫ Linux Kernel Version2.6.28.5

Linux ≫ Linux Kernel Version2.6.28.6

Linux ≫ Linux Kernel Version2.6.28.7

Linux ≫ Linux Kernel Version2.6.28.8

Linux ≫ Linux Kernel Version2.6.28.9

Linux ≫ Linux Kernel Version2.6.28.10

Linux ≫ Linux Kernel Version2.6.29

Linux ≫ Linux Kernel Version2.6.29 Updaterc2

Linux ≫ Linux Kernel Version2.6.29 Updaterc2_git7

Linux ≫ Linux Kernel Version2.6.29 Updaterc8-kk

Linux ≫ Linux Kernel Version2.6.29.1

Linux ≫ Linux Kernel Version2.6.29.2

Linux ≫ Linux Kernel Version2.6.29.3

Linux ≫ Linux Kernel Version2.6.29.4

Linux ≫ Linux Kernel Version2.6.29.5

Linux ≫ Linux Kernel Version2.6.29.6

Linux ≫ Linux Kernel Version2.6.30

Linux ≫ Linux Kernel Version2.6.30 Updaterc1

Linux ≫ Linux Kernel Version2.6.30 Updaterc2

Linux ≫ Linux Kernel Version2.6.30 Updaterc3

Linux ≫ Linux Kernel Version2.6.30 Updaterc4 Editionx86_32

Linux ≫ Linux Kernel Version2.6.30 Updaterc5

Linux ≫ Linux Kernel Version2.6.30 Updaterc6

Linux ≫ Linux Kernel Version2.6.30 Updaterc7-git6

Linux ≫ Linux Kernel Version2.6.30.1

Linux ≫ Linux Kernel Version2.6.30.2

Linux ≫ Linux Kernel Version2.6.30.3

Linux ≫ Linux Kernel Version2.6.30.4

Linux ≫ Linux Kernel Version2.6.30.5

Linux ≫ Linux Kernel Version2.6.30.6

Linux ≫ Linux Kernel Version2.6.30.7

Linux ≫ Linux Kernel Version2.6.30.8

Linux ≫ Linux Kernel Version2.6.30.9

Linux ≫ Linux Kernel Version2.6.31

Linux ≫ Linux Kernel Version2.6.31 Updaterc1

Linux ≫ Linux Kernel Version2.6.31 Updaterc2

Linux ≫ Linux Kernel Version2.6.31 Updaterc3

Linux ≫ Linux Kernel Version2.6.31 Updaterc4

Linux ≫ Linux Kernel Version2.6.31 Updaterc5

Linux ≫ Linux Kernel Version2.6.31 Updaterc6

Linux ≫ Linux Kernel Version2.6.31 Updaterc7

Linux ≫ Linux Kernel Version2.6.31 Updaterc8

Linux ≫ Linux Kernel Version2.6.31.1

Linux ≫ Linux Kernel Version2.6.31.2

Linux ≫ Linux Kernel Version2.6.31.3

Linux ≫ Linux Kernel Version2.6.31.4

Linux ≫ Linux Kernel Version2.6.31.5

Linux ≫ Linux Kernel Version2.6.31.6

Linux ≫ Linux Kernel Version2.6.32

Linux ≫ Linux Kernel Version2.6.32 Updaterc1

Linux ≫ Linux Kernel Version2.6.32 Updaterc3

Linux ≫ Linux Kernel Version2.6.32 Updaterc4

Linux ≫ Linux Kernel Version2.6.32 Updaterc5

Linux ≫ Linux Kernel Version2.6.32 Updaterc6

Linux ≫ Linux Kernel Version2.6.32 Updaterc7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.32%	0.842

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.mandriva.com/security/advisories?name=MDVSA-2009:329

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

http://secunia.com/advisories/38017

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=bbf31bf18d34caa87dd01f08bf713635593697f2

http://secunia.com/advisories/37624

Vendor Advisory

http://twitter.com/spendergrsec/statuses/6339560349

http://wiki.rpath.com/Advisories:rPSA-2009-0161

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32

http://www.osvdb.org/60788

http://www.securityfocus.com/archive/1/508517/100/0/threaded

http://www.theregister.co.uk/2009/12/11/linux_kernel_bugs_patched/