Linux Kernel do_mremap() Privilege Escalation

2004-01-05T10:33:17
ID OSVDB:3315
Type osvdb
Reporter Paul Starzetz (ihaquer@isec.pl)
Modified 2004-01-05T10:33:17

Description

Vulnerability Description

A local overflow exists in the Linux kernel. The do_mremap() function fails to perform bounds checking, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Upgrade to version 2.4.24 or higher, or 2.6.1 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Secunia Advisory ID:10532
Secunia Advisory ID:11276
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-01/0114.html
Other Advisory URL: http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Nessus Plugin ID:12443
Nessus Plugin ID:12444
ISS X-Force ID: 14135
Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/mremap_poc.c
Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/mremap_bug.c
CVE-2003-0985
CIAC Advisory: o-045
Bugtraq ID: 9356