oss-security February 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: [oss-security] CVE request: kernel: OOM-killer via

[oss-security] CVE request: kernel: OOM-killer via argv expansion

From: Kees Cook <kees_at_nospam>
Date: Mon Feb 28 2011 - 20:32:55 GMT
To: oss-security@lists.openwall.com


I think the flaw[1] with argv-expansion triggering the OOM-killer
incorrectly needs its own CVE.

While the stack guard page and the fixes[2] for CVE-2010-3858 certainly
improved things, argv expansion can still be tricked into OOM-killing the
entire system. Solutions were discussed on the original thread, but
were not finished. Recently a set of patches[3] has been re-proposed to fix
this issue. Regardless, it should probably get its own CVE assigned.



[1] https://lkml.org/lkml/2010/8/27/429
[2] http://git.kernel.org/linus/1b528181b2ffa14721fb28ad1bd539fe1732c583
[3] https://lkml.org/lkml/2011/2/25/227

-- Kees Cook Ubuntu Security Team