Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 325579 (CVE-2010-1488) - Kernel: proc_oom_score() DOS (CVE-2010-1488)
Summary: Kernel: proc_oom_score() DOS (CVE-2010-1488)
Status: RESOLVED FIXED
Alias: CVE-2010-1488
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: [ linux < 2.6.34-rc4 ]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-25 20:07 UTC by Stefan Behte (RETIRED)
Modified: 2013-09-15 19:39 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-06-25 20:07:26 UTC 
CVE-2010-1488 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1488):
  The proc_oom_score function in fs/proc/base.c in the Linux kernel
  before 2.6.34-rc4 uses inappropriate data structures during selection
  of a candidate for the OOM killer, which might allow local users to
  cause a denial of service via unspecified patterns of task creation.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-06-25 21:36:53 UTC 
CVE-2010-1457 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1457):
  Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local
  users to read arbitrary files via a (1) -c or (2) -a option, which
  prints file contents in an error message.
Comment 2 Anthony Basile gentoo-dev 2010-06-26 01:05:58 UTC 
Of the hardened sources currently in the tree, none of the hardened-sources-2.6.32* are vulnerable.

I'm confused by your comment #1.  I don't see how its related to the kernel.
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2010-06-26 13:14:05 UTC 
(In reply to comment #2)
> I'm confused by your comment #1.  I don't see how its related to the kernel.

Wrong bug, should have been bug 325577. Thanks!