vendor:
Kernel
by:
Jon Oberheide
7,8
CVSS
HIGH
Remote Denial of Service (DoS)
476
CWE
Product Name: Kernel
Affected Version From: 2.6.30
Affected Version To: 2.6.30.4
Patch Exists: YES
Related CWE: CVE-2009-1389
CPE: 2.6.30
Metasploit:
https://www.rapid7.com/db/vulnerabilities/ubuntu-USN-1389-1/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-4537/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4537/, https://www.rapid7.com/db/vulnerabilities/vmsa-2010-0009-1-service-console-update-cve-2009-4537/, https://www.rapid7.com/db/vulnerabilities/vmsa-2009-0016-5-updated-service-console-package-kernel-cve-2009-1389/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1457/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-1389/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-1389/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1157/
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2009
Linux Kernel < 2.6.30.5 cfg80211 Remote DoS
This vulnerability is caused by a NULL pointer dereference in the Linux kernel's cfg80211 module. It is triggered when a victim scans and receives a beacon frame that does not contain a SSID IE and then receives another one that does have a SSID IE. This should only affect the 2.6.30 series.
Mitigation:
Upgrade to Linux kernel version 2.6.30.5 or later.