CVE-2010-4243
Vulnerability from cvelistv5
Published
2011-01-22 21:00
Modified
2024-08-07 03:34
Severity ?
Summary
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
References
secalert@redhat.comhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c
secalert@redhat.comhttp://grsecurity.net/~spender/64bit_dos.cBroken Link
secalert@redhat.comhttp://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.htmlBroken Link
secalert@redhat.comhttp://lkml.org/lkml/2010/8/27/429Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://lkml.org/lkml/2010/8/29/206Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://lkml.org/lkml/2010/8/30/138Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://lkml.org/lkml/2010/8/30/378Mailing List, Third Party Advisory
secalert@redhat.comhttp://openwall.com/lists/oss-security/2010/11/22/15Mailing List, Third Party Advisory
secalert@redhat.comhttp://openwall.com/lists/oss-security/2010/11/22/6Mailing List, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/42884Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/46397Third Party Advisory
secalert@redhat.comhttp://www.exploit-db.com/exploits/15619Exploit, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37Broken Link
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-0017.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/archive/1/520102/100/0/threadedThird Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securityfocus.com/bid/45004Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.vmware.com/security/advisories/VMSA-2011-0012.htmlThird Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=625688Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/64700VDB Entry
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:34:37.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20101122 CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/11/22/6"
          },
          {
            "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
          },
          {
            "name": "RHSA-2011:0017",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
          },
          {
            "name": "46397",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46397"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625688"
          },
          {
            "name": "linux-kernel-execve-dos(64700)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64700"
          },
          {
            "name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.org/lkml/2010/8/30/378"
          },
          {
            "name": "15619",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/15619"
          },
          {
            "name": "[linux-kernel] 20101130 [PATCH 1/2] exec: make argv/envp memory visible to oom-killer",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html"
          },
          {
            "name": "[oss-security] 20101122 Re: CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/11/22/15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
          },
          {
            "name": "42884",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42884"
          },
          {
            "name": "[linux-kernel] 20100827 [PATCH] exec argument expansion can inappropriately trigger OOM-killer",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.org/lkml/2010/8/27/429"
          },
          {
            "name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.org/lkml/2010/8/30/138"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://grsecurity.net/~spender/64bit_dos.c"
          },
          {
            "name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.org/lkml/2010/8/29/206"
          },
          {
            "name": "45004",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an \"OOM dodging issue,\" a related issue to CVE-2010-3858."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20101122 CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/11/22/6"
        },
        {
          "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
        },
        {
          "name": "RHSA-2011:0017",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
        },
        {
          "name": "46397",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46397"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625688"
        },
        {
          "name": "linux-kernel-execve-dos(64700)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64700"
        },
        {
          "name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.org/lkml/2010/8/30/378"
        },
        {
          "name": "15619",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/15619"
        },
        {
          "name": "[linux-kernel] 20101130 [PATCH 1/2] exec: make argv/envp memory visible to oom-killer",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html"
        },
        {
          "name": "[oss-security] 20101122 Re: CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/11/22/15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
        },
        {
          "name": "42884",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42884"
        },
        {
          "name": "[linux-kernel] 20100827 [PATCH] exec argument expansion can inappropriately trigger OOM-killer",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.org/lkml/2010/8/27/429"
        },
        {
          "name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.org/lkml/2010/8/30/138"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://grsecurity.net/~spender/64bit_dos.c"
        },
        {
          "name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.org/lkml/2010/8/29/206"
        },
        {
          "name": "45004",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-4243",
    "datePublished": "2011-01-22T21:00:00",
    "dateReserved": "2010-11-16T00:00:00",
    "dateUpdated": "2024-08-07T03:34:37.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-4243\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-01-22T22:00:04.240\",\"lastModified\":\"2023-02-13T04:28:22.620\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an \\\"OOM dodging issue,\\\" a related issue to CVE-2010-3858.\"},{\"lang\":\"es\",\"value\":\"fs/exec.c del kernel de Linux en versiones anteriores a la 2.6.37 no habilita el \\\"OOM Killer\\\" para evaluar el uso de la memoria de pila por los arrays de los (1) argumentos y (2) entorno, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (consumo de la memoria) a trav\u00e9s de una llamada del sistema exec modificada. Tambi\u00e9n conocido como \\\"OOM dodging issue\\\". Relacionado con la vulnerabilidad CVE-2010-3858.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":4.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.37\",\"matchCriteriaId\":\"76630B45-B590-4651-972E-F938A83010C0\"}]}]}],\"references\":[{\"url\":\"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://grsecurity.net/~spender/64bit_dos.c\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lkml.org/lkml/2010/8/27/429\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lkml.org/lkml/2010/8/29/206\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lkml.org/lkml/2010/8/30/138\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lkml.org/lkml/2010/8/30/378\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2010/11/22/15\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2010/11/22/6\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/42884\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/46397\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/15619\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0017.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/520102/100/0/threaded\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/45004\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2011-0012.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=625688\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/64700\",\"source\":\"secalert@redhat.com\",\"tags\":[\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.