Bug#532376: r8169: network buffer overflow

To: Ben Hutchings <ben@decadent.org.uk>, 532376@bugs.debian.org
Subject: Bug#532376: r8169: network buffer overflow
From: Thijs Kinkhorst <thijs@debian.org>
Date: Tue, 9 Jun 2009 08:17:43 +0200
Message-id: <[🔎] 200906090817.45199.thijs@debian.org>
Reply-to: Thijs Kinkhorst <thijs@debian.org>, 532376@bugs.debian.org
In-reply-to: <[🔎] 20090608221620.22159.22343.reportbug@localhost.localdomain>
References: <[🔎] 20090608221620.22159.22343.reportbug@localhost.localdomain>

On tiisdei 9 Juny 2009, Ben Hutchings wrote:
> Package: linux-2.6
> Version: 2.6.29-5
> Severity: critical
> Tags: security patch
>
> Some or all NICs supported by r8169 seem to ignore the buffer sizes in
> RX descriptors, and will write up to the global maximum frame size.
> This means a remote attacker can overflow RX buffers, probably
> allowing for code injection.  This should be fixed by the patch posted
> in:
>
> http://article.gmane.org/gmane.linux.network/130114

This is CVE-2009-1389.

The severity of this issue is still debated.


Thijs

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

References:
- Bug#532376: r8169: network buffer overflow
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Processed: Re: Bug#532153: [Pkg-samba-maint] Bug#532153: Bug#532153: smbfs: fsetxattr fails with smbmount from Debian/amd64 to Debian/i386
Next by Date: Processed: tagging 529312
Previous by thread: Bug#532376: r8169: network buffer overflow
Next by thread: Bug#499527: marked as done (linux-image-2.6.26-1-686: Kernel Oops with Belkin 54g USB wireless network adapter)
Index(es):
- Date
- Thread