Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-3858

Опубликовано: 13 авг. 2010
Источник: redhat
CVSS2: 4.9

Описание

The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.

Отчет

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as they did not backport the upstream commit b6a2fea3 that introduced the issue. This was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0004.html and https://rhn.redhat.com/errata/RHSA-2010-0958.html. Future kernel updates in Red Hat Enterprise Linux 6 may address this flaw.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=645222kernel: setup_arg_pages: diagnose excessive argument size

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2010-3858

ubuntu
больше 14 лет назад

The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.

nvd логотип

CVE-2010-3858

nvd
больше 14 лет назад

The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.

debian логотип

CVE-2010-3858

debian
больше 14 лет назад

The setup_arg_pages function in fs/exec.c in the Linux kernel before 2 ...

github логотип

GHSA-j2mv-rmhw-vq9m

github
около 3 лет назад

The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.

oracle-oval логотип

ELSA-2011-0836

oracle-oval
около 14 лет назад

ELSA-2011-0836: kernel security and bug fix update (IMPORTANT)

4.9 Medium

CVSS2