Vulnerability CVE-2009-3280 - CERT Civis.Net

Vulnerability Name:

CVE-2009-3280 (CCN-53368)

Assigned:

2009-09-16

Published:

2009-09-16

Updated:

2020-08-06

Summary:

Integer signedness error in the find_ie function in net/wireless/scan.c in the cfg80211 subsystem in the Linux kernel before 2.6.31.1-rc1 allows remote attackers to cause a denial of service (soft lockup) via malformed packets.

CVSS v3 Severity:

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
6.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2009-3280

Source: CONFIRM
Type: Patch, Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fcc6cb0c13555e78c2d47257b6d1b5e59b0c419a

Source: CCN
Type: Linux Kernel GIT Repository
cfg80211: fix looping soft lockup in find_ie() Patchworkß cfg80211: fix looping soft lockup in find_ie()

Source: CONFIRM
Type: Patch, Vendor Advisory
http://patchwork.kernel.org/patch/45106/

Source: CCN
Type: oss-security Mailing List, 16 Sep 07:32
CVE request: kernel: cfg80211: fix looping soft lockup in find_ie()

Source: CCN
Type: SA36763
Linux Kernel Denial of Service and Privilege Escalation

Source: CONFIRM
Type: Patch, Release Notes, Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/stable-review/patch-2.6.31.1-rc1.bz2

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20090916 CVE request: kernel: cfg80211: fix looping soft lockup in find_ie()

Source: CCN
Type: OSVDB ID: 58212
Linux Kernel net/wireless/scan.c find_ie() Function Crafted Packet Infinite Loop Remote DoS

Source: BID
Type: Third Party Advisory, VDB Entry
36421

Source: CCN
Type: BID-36421
Linux Kernel 'find_ie()' Function Remote Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
kernel-findie-dos(53368)

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 2.6.31)

Configuration CCN 1:

cpe:/o:linux:linux_kernel:2.6.30:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.30:rc5:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.30.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.30:rc6:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.30.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.30.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.30:rc4:x86_32:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.31:rc7:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.30.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.30.3:*:*:*:*:*:*:*

Denotes that component is vulnerable