Bug 325579 (CVE-2010-1488)

Summary:	Kernel: proc_oom_score() DOS (CVE-2010-1488)
Product:	Gentoo Security	Reporter:	Stefan Behte (RETIRED) <craig>
Component:	Kernel	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	hardened-kernel+disabled, hardened, jaak, kernel
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugzilla.redhat.com/show_bug.cgi?id=582068
Whiteboard:	[ linux < 2.6.34-rc4 ]
Package list:		Runtime testing required:	---

Description Stefan Behte (RETIRED) gentoo-dev

2010-06-25 20:07:26 UTC

CVE-2010-1488 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1488):
  The proc_oom_score function in fs/proc/base.c in the Linux kernel
  before 2.6.34-rc4 uses inappropriate data structures during selection
  of a candidate for the OOM killer, which might allow local users to
  cause a denial of service via unspecified patterns of task creation.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2010-06-25 21:36:53 UTC

CVE-2010-1457 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1457):
  Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local
  users to read arbitrary files via a (1) -c or (2) -a option, which
  prints file contents in an error message.

Comment 2 Anthony Basile gentoo-dev

2010-06-26 01:05:58 UTC

Of the hardened sources currently in the tree, none of the hardened-sources-2.6.32* are vulnerable.

I'm confused by your comment #1.  I don't see how its related to the kernel.

Comment 3 Tobias Heinlein (RETIRED) gentoo-dev

2010-06-26 13:14:05 UTC

(In reply to comment #2)
> I'm confused by your comment #1.  I don't see how its related to the kernel.

Wrong bug, should have been bug 325577. Thanks!