SB2011012302 - Resource management error in Linux kernel
Published: January 23, 2011 Updated: August 11, 2020
Security Bulletin ID
SB2011012302
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2010-4243)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
Remediation
Install update from vendor's website.
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c77f845722158206a7209c45ccddc264d19319c
- http://grsecurity.net/~spender/64bit_dos.c
- http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html
- http://lkml.org/lkml/2010/8/27/429
- http://lkml.org/lkml/2010/8/29/206
- http://lkml.org/lkml/2010/8/30/138
- http://lkml.org/lkml/2010/8/30/378
- http://openwall.com/lists/oss-security/2010/11/22/15
- http://openwall.com/lists/oss-security/2010/11/22/6
- http://secunia.com/advisories/42884
- http://secunia.com/advisories/46397
- http://www.exploit-db.com/exploits/15619
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
- http://www.redhat.com/support/errata/RHSA-2011-0017.html
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- http://www.securityfocus.com/bid/45004
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
- https://bugzilla.redhat.com/show_bug.cgi?id=625688
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64700