Package: linux-2.6
Version: 2.6.32-4
Severity: serious
Tags: security
Fabian Yamaguchi made a presentation at 26C3
<http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html> which
included a bug in r8169 reintroduced by:
commit fdd7b4c3302c93f6833e338903ea77245eb510b4
Author: Eric Dumazet <eric.dumazet@gmail.com>
Date: Tue Jun 9 04:01:02 2009 -0700
r8169: fix crash when large packets are received
On some older r8169 controllers this will enable scattering on receive,
and the first word of the second and subsequent RX buffers for a frame
will wrongly be treated as a status word. This can be used for denial
of service at the very least.
There is ongoing discussion on netdev about how to fix this. In the
mean time we should get a CVE number for this.
Ben.
-- System Information:
Debian Release: squeeze/sid
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'unstable'), (500,
'stable'), (1, 'experimental')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--
Ben Hutchings
To err is human; to really foul things up requires a computer.
Attachment:
signature.asc
Description: This is a digitally signed message part