Info

Disclosure

Jan 05, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in the Linux kernel. The do_mremap() function fails to perform bounds checking resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.4.24 or higher, or 2.6.1 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Linux	Linux	2.4.x
		2.6.0

References

Secunia Advisory ID: 10532 11276
Exploit Database: 141 142 145
Milw0rm: 141 142 145
ISS X-Force ID: 14135
CVE ID: 2003-0985 (see also: NVD)
SCIP VulDB ID: 465
Bugtraq ID: 9356
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-01/0114.html
http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/mremap_bug.c
http://downloads.securityfocus.com/vulnerabilities/exploits/mremap_poc.c
Vendor Specific Advisory URL: http://smoothwall.org/security/advisories/SWP-2004.001.html
CIAC Advisory: o-045

Credit

Paul Starzetz - ihaquerisec.pl - iSEC Security Research

Direct URL: http://osvdb.org/3315