OSVDB ID: 3986

Title: Linux Kernel mremap() Missing Return Value Checking Privilege Escalation

Info

Disclosure

Feb 18, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The Linux kernel contains a flaw that may allow a malicious user to gain access to unauthorized privileges due to improper checks on return values performed in the do_mremap function for the mremap system call. This flaw may lead to a loss of Confidentiality, Integrity and Availability.

Classification

Location: Local Access Required
Attack Type: Other
Impact: Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.4.25 or higher, or 2.6.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Linux	Kernel	2.2.x
		2.4.x
		2.6.x

References

Security Tracker: 1009095
Secunia Advisory ID: 10897 11276
ISS X-Force ID: 15244
Exploit Database: 154 160
Milw0rm: 154 160
CVE ID: 2004-0077 (see also: NVD)
SCIP VulDB ID: 519
Bugtraq ID: 9686
CERT VU: 981222
Vendor Specific Solution URL: http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000820
http://lists.trustix.org/pipermail/tsl-announce/2004-February/000218.html
http://mail.immunix.com/pipermail/immunix-announce/2004-February/0102.html
http://www.debian.org/security/2004/dsa-438
http://www.debian.org/security/2004/dsa-439
http://www.debian.org/security/2004/dsa-440
http://www.debian.org/security/2004/dsa-442
http://www.debian.org/security/2004/dsa-444
http://www.debian.org/security/2004/dsa-450
http://www.debian.org/security/2004/dsa-454
http://www.debian.org/security/2004/dsa-456
http://www.debian.org/security/2004/dsa-466
http://www.debian.org/security/2004/dsa-470
http://www.debian.org/security/2004/dsa-475
http://www.gentoo.org/security/en/glsa/glsa-200403-02.xml/MSS-OAR-E01-2004.0290.1
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:015
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:015-1
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.541911
http://www.suse.de/de/security/2004_05_linux_kernel.html
http://www.turbolinux.com/security/2004/TLSA-2004-7.txt
Other Advisory URL: http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
Vendor Specific Advisory URL: http://smoothwall.org/security/advisories/SWP-2004.002.html
https://rhn.redhat.com/errata/RHSA-2004-065.html
https://rhn.redhat.com/errata/RHSA-2004-069.html
https://rhn.redhat.com/errata/RHSA-2004-106.html
Vendor URL: http://www.kernel.org/
Generic Exploit URL: http://www.packetstormsecurity.org/0403-exploits/isec-0014-mremap-unmap.v2.txt
CIAC Advisory: o-082 o-094 o-126

Credit

Paul Starzetz - ihaquerisec.pl - iSEC Security Research

Direct URL: http://osvdb.org/3986