CVE-2010-4243

Sažetak

fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.

Reference

http://openwall.com/lists/oss-security/2010/11/22/6
https://bugzilla.redhat.com/show_bug.cgi?id=625688
http://lkml.org/lkml/2010/8/30/138
http://lkml.org/lkml/2010/8/30/378
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
http://www.exploit-db.com/exploits/15619
http://lkml.org/lkml/2010/8/27/429
http://openwall.com/lists/oss-security/2010/11/22/15
http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html
http://grsecurity.net/~spender/64bit_dos.c
http://lkml.org/lkml/2010/8/29/206
http://www.redhat.com/support/errata/RHSA-2011-0017.html
http://secunia.com/advisories/42884
http://www.securityfocus.com/bid/45004
http://secunia.com/advisories/46397
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/64700
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c

CVSS

Base:	4.9
Impact:	6.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

13-02-2023 - 04:28

Objavljeno

22-01-2011 - 22:00