CVE-2010-4243medium
Description
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
References
http://grsecurity.net/~spender/64bit_dos.c
http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html
http://lkml.org/lkml/2010/8/27/429
http://lkml.org/lkml/2010/8/29/206
http://lkml.org/lkml/2010/8/30/138
http://lkml.org/lkml/2010/8/30/378
http://openwall.com/lists/oss-security/2010/11/22/15
http://openwall.com/lists/oss-security/2010/11/22/6
http://secunia.com/advisories/42884
http://secunia.com/advisories/46397
http://www.exploit-db.com/exploits/15619
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
http://www.redhat.com/support/errata/RHSA-2011-0017.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/45004
http://www.vmware.com/security/advisories/VMSA-2011-0012.html