fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
http://grsecurity.net/~spender/64bit_dos.c
http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html
http://lkml.org/lkml/2010/8/27/429
http://lkml.org/lkml/2010/8/29/206
http://lkml.org/lkml/2010/8/30/138
http://lkml.org/lkml/2010/8/30/378
http://openwall.com/lists/oss-security/2010/11/22/15
http://openwall.com/lists/oss-security/2010/11/22/6
http://secunia.com/advisories/42884
http://secunia.com/advisories/46397
http://www.exploit-db.com/exploits/15619
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
http://www.redhat.com/support/errata/RHSA-2011-0017.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/45004
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
89680 | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check) | Nessus | Misc. | high |
76634 | RHEL 6 : MRG (RHSA-2011:1253) | Nessus | Red Hat Local Security Checks | high |
75554 | openSUSE Security Update : kernel (openSUSE-SU-2011:0399-1) | Nessus | SuSE Local Security Checks | high |
68206 | Oracle Linux 6 : kernel (ELSA-2011-0283) | Nessus | Oracle Linux Local Security Checks | medium |
65101 | Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1083-1) | Nessus | Ubuntu Local Security Checks | critical |
60965 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
56508 | VMSA-2011-0012 : VMware ESXi and ESX updates to third-party libraries and ESX Service Console | Nessus | VMware ESX Local Security Checks | high |
56192 | USN-1204-1 : linux-fsl-imx51 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
56190 | USN-1202-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
55591 | Ubuntu 11.04 : linux vulnerabilities (USN-1167-1) | Nessus | Ubuntu Local Security Checks | high |
55589 | Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1159-1) | Nessus | Ubuntu Local Security Checks | high |
55521 | Ubuntu 10.04 LTS : linux-mvl-dove vulnerabilities (USN-1162-1) | Nessus | Ubuntu Local Security Checks | high |
55104 | Ubuntu 10.04 LTS : linux, linux-ec2 vulnerabilities (USN-1141-1) | Nessus | Ubuntu Local Security Checks | high |
53740 | openSUSE Security Update : kernel (openSUSE-SU-2011:0346-1) | Nessus | SuSE Local Security Checks | high |
52597 | SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4039 / 4042 / 4043) | Nessus | SuSE Local Security Checks | high |
52062 | RHEL 6 : kernel (RHSA-2011:0283) | Nessus | Red Hat Local Security Checks | medium |
51847 | Ubuntu 10.04 LTS / 10.10 : linux, linux-ec2 vulnerabilities (USN-1054-1) | Nessus | Ubuntu Local Security Checks | high |
51818 | Debian DSA-2153-1 : linux-2.6 - privilege escalation/denial of service/information leak | Nessus | Debian Local Security Checks | high |
51522 | RHEL 5 : kernel (RHSA-2011:0017) | Nessus | Red Hat Local Security Checks | medium |