Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams.

References

• https://nvd.nist.gov/vuln/detail/CVE-2009-2903
• https://bugzilla.redhat.com/show_bug.cgi?id=522331
• http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git;a=commit;h=ffcfb8db540ff879c2a85bf7e404954281443414
• http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
• http://secunia.com/advisories/36707
• http://secunia.com/advisories/37105
• http://secunia.com/advisories/37909
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:329
• http://www.openwall.com/lists/oss-security/2009/09/14/1
• http://www.openwall.com/lists/oss-security/2009/09/14/2
• http://www.openwall.com/lists/oss-security/2009/09/17/11
• http://www.securityfocus.com/bid/36379
• http://www.ubuntu.com/usn/USN-852-1
• https://access.redhat.com/security/cve/CVE-2009-2903
• http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git%3Ba=commit%3Bh=ffcfb8db540ff879c2a85bf7e404954281443414