The Linux kernel contains a flaw that may allow a malicious user to gain access to unauthorized privileges due to improper checks on return values performed in the do_mremap function for the mremap system call. This flaw may lead to a loss of Confidentiality, Integrity and Availability.

Upgrade to version 2.4.25 or higher, or 2.6.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1009095
• Secunia Advisory ID: 10897 11276
• ISS X-Force ID: 15244
• Exploit Database: 154 160
• Milw0rm: 154 160
• CVE ID: 2004-0077 (see also: NVD)
• SCIP VulDB ID: 519
• Bugtraq ID: 9686
• CERT VU: 981222
• Vendor Specific Solution URL: http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000820
  http://lists.trustix.org/pipermail/tsl-announce/2004-February/000218.html
  http://mail.immunix.com/pipermail/immunix-announce/2004-February/0102.html
  http://www.debian.org/security/2004/dsa-438
  http://www.debian.org/security/2004/dsa-439
  http://www.debian.org/security/2004/dsa-440
  http://www.debian.org/security/2004/dsa-442
  http://www.debian.org/security/2004/dsa-444
  http://www.debian.org/security/2004/dsa-450
  http://www.debian.org/security/2004/dsa-454
  http://www.debian.org/security/2004/dsa-456
  http://www.debian.org/security/2004/dsa-466
  http://www.debian.org/security/2004/dsa-470
  http://www.debian.org/security/2004/dsa-475
  http://www.gentoo.org/security/en/glsa/glsa-200403-02.xml/MSS-OAR-E01-2004.0290.1
  http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:015
  http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:015-1
  http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.541911
  http://www.suse.de/de/security/2004_05_linux_kernel.html
  http://www.turbolinux.com/security/2004/TLSA-2004-7.txt
• Other Advisory URL: http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
• Vendor Specific Advisory URL: http://smoothwall.org/security/advisories/SWP-2004.002.html
  https://rhn.redhat.com/errata/RHSA-2004-065.html
  https://rhn.redhat.com/errata/RHSA-2004-069.html
  https://rhn.redhat.com/errata/RHSA-2004-106.html
• Vendor URL: http://www.kernel.org/
• Generic Exploit URL: http://www.packetstormsecurity.org/0403-exploits/isec-0014-mremap-unmap.v2.txt
• CIAC Advisory: o-082 o-094 o-126

• Paul Starzetz - ihaquerisec.pl - iSEC Security Research