CVE-2010-4243

Vulnerability Description

fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
• http://grsecurity.net/~spender/64bit_dos.cBroken Link
• http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.htmlBroken Link
• http://lkml.org/lkml/2010/8/27/429Mailing ListPatchThird Party Advisory
• http://lkml.org/lkml/2010/8/29/206Mailing ListPatchThird Party Advisory
• http://lkml.org/lkml/2010/8/30/138Mailing ListPatchThird Party Advisory
• http://lkml.org/lkml/2010/8/30/378Mailing ListThird Party Advisory
• http://openwall.com/lists/oss-security/2010/11/22/15Mailing ListThird Party Advisory
• http://openwall.com/lists/oss-security/2010/11/22/6Mailing ListThird Party Advisory
• http://secunia.com/advisories/42884Third Party Advisory
• http://secunia.com/advisories/46397Third Party Advisory
• http://www.exploit-db.com/exploits/15619ExploitThird Party AdvisoryVDB Entry
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37Broken Link
• http://www.redhat.com/support/errata/RHSA-2011-0017.htmlThird Party Advisory
• http://www.securityfocus.com/archive/1/520102/100/0/threadedThird Party AdvisoryVDB Entry