CVE-2010-4243 Information

Description

fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment which allows local users to cause a denial of service (memory consumption) via a crafted exec system call aka an \OOM dodging issue\ a related issue to CVE-2010-3858.

Reference

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c77f845722158206a7209c45ccddc264d19319c http://grsecurity.net/~spender/64bit_dos.c http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html http://lkml.org/lkml/2010/8/27/429 http://lkml.org/lkml/2010/8/29/206 http://lkml.org/lkml/2010/8/30/138 http://lkml.org/lkml/2010/8/30/378 http://openwall.com/lists/oss-security/2010/11/22/15 http://openwall.com/lists/oss-security/2010/11/22/6 http://secunia.com/advisories/42884 http://secunia.com/advisories/46397 http://www.exploit-db.com/exploits/15619 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 http://www.redhat.com/support/errata/RHSA-2011-0017.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.securityfocus.com/bid/45004 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=625688 https://exchange.xforce.ibmcloud.com/vulnerabilities/64700