328 matches found
Debian DSA-441-1 : linux-kernel-2.4.17-mips+mipsel - missing function return value check
Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to a missing function return value check of internal functions, a local attacker can gain root privileges. ...
Debian DSA-438-1 : linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check
Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to a missing function return value check of internal functions, a local attacker can gain root privileges. ...
Debian DSA-514-1 : kernel-image-sparc-2.2 - failing function and TLB flush
Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to flushing the TLB (Translation Lookaside Buffer, an address cache) too early, it is possible for an attacker to trigger a local...
Debian DSA-440-1 : linux-kernel-2.4.17-powerpc-apus - several vulnerabilities
Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the PowerPC/Apus kernel for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update: - CAN-2003-0961: An...
CVE-2004-0077
CVE-2004-0077 corresponds to a bounds-checking flaw in the Linux kernel mremap implementation (2.2 to 2.6.2). The issue arises when do_munmap return value is not properly checked after exceeding the maximum VMA descriptors, enabling a local attacker to gain root privileges. Connected advisories c...
CVE-2003-0985
CVE-2003-0985 affects Linux kernel 2.4.x (pre-2.4.21, possibly before 2.4.24). The do_mremap path lacks proper bounds checking, enabling local users to cause a denial of service and potentially gain privileges by remapping a VMA to a zero-length VMA. Connected data confirms CVE-2005-0528 is a dup...
Mandrake Linux Security Advisory : kernel (MDKSA-2004:015)
Paul Starzetz discovered a flaw in return value checking in the mremap function in the Linux kernel, versions 2.4.24 and previous, that could allow a local user to obtain root privileges. A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. A fl...
Linux kernel mremap(2) system call does not properly check return value from do_munmap() function
Overview: A vulnerability in the Linux mremap(2) system call could allow an authenticated, local attacker to execute arbitrary code with root privileges. Description: The Linux kernel uses a linked list of virtual memory area (VMA) descriptors to reference valid regions of the page table for a given...
CVE-2004-0077
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different...
isec-0014-mremap-unmap.v2.txt
Synopsis: Linux kernel do_mremap VMA limit local privilege escalation vulnerability Product: Linux kernel Version: 2.2 up to and including 2.2.25, 2.4 up to and including 2.4.24, 2.6 up to and including 2.6.2 Vendor: http://www.kernel.org/ URL:...
DSA-453 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush
Bulletin has no description...
Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Local Privilege Escalation
mremap missing do_munmap return check kernel exploit gcc -O3 -static -fomit-frame-pointer mremappte.c -o mremappte ./mremappte suid shell Vulnerable kernel versions are all ...
Linux Kernel 2.x mremap missing do_munmap Exploit
Exploit for Linux platform in category local exploits. mremap missing do_munmap return check kernel exploit gcc -O3 -static -fomit-frame-pointer...
Linux Kernel 2.2.25/2.4.24/2.6.2 - mremap() Local Privilege Escalation
mremap missing do_munmap return check kernel exploit gcc -O3 -static -fomit-frame-pointer mremappte.c -o mremappte ./mremappte suid shell Vulnerable kernel versions are all ...
security flaw
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different...
Kernel security update
New kernels are available for Slackware 9.1 and -current to fix a bounds-checking problem in the kernel's mremap call which could be used by a local attacker to gain root privileges. Please note that this is not the same issue as CAN-2003-0985 which was fixed in early January. The kernels in...
Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator
Proof-of-concept exploit code for do_mremap #2. EDB Note: This is NOT to be confused with CVE-2003-0985 (https://www.exploit-db.com/exploits/141/), which would be "do_mremap #1". EDB Note: This will just "test" the vulnerability. An exploit version can be found here...
Linux Kernel "mremap()"#2 Local Proof-of-concept
Exploit for Linux platform in category local exploits. Proof-of-concept exploit code for do_mremap #2. Copyright (C) 2004 Christophe Devine. This program is...
[Full-Disclosure] Second critical mremap() bug found in all Linux kernels
Synopsis: Linux kernel do_mremap VMA limit local privilege escalation vulnerability Product: Linux kernel Version: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2 Vendor: http://www.kernel.org/ URL:...
Linux Kernel 2.2.25/2.4.24/2.6.2 - mremap() Validator
Proof-of-concept exploit code for do_mremap #2. EDB Note: This is NOT to be confused with CVE-2003-0985 (https://www.exploit-db.com/exploits/141/), which would be "do_mremap #1". EDB Note: This will just "test" the vulnerability. An exploit version c...