[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-4243Date: (C)2011-01-22   (M)2024-02-22


fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 3.9
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
EXPLOIT-DB-15619
http://www.securityfocus.com/archive/1/520102/100/0/threaded
SECUNIA-42884
BID-45004
SECUNIA-46397
RHSA-2011:0017
http://lkml.org/lkml/2010/8/27/429
http://lkml.org/lkml/2010/8/29/206
http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html
http://openwall.com/lists/oss-security/2010/11/22/6
http://openwall.com/lists/oss-security/2010/11/22/15
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c
http://grsecurity.net/~spender/64bit_dos.c
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=625688
linux-kernel-execve-dos(64700)

CWE    1
CWE-400
OVAL    13
oval:org.secpod.oval:def:700253
oval:org.secpod.oval:def:400020
oval:org.secpod.oval:def:600169
oval:org.secpod.oval:def:700593
...

© SecPod Technologies