|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA10897] Linux Kernel "mremap()" Missing Return Value Checking Privilege Escalation
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed Feb 18 2004 - 09:01:34 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Linux Kernel "mremap()" Missing Return Value Checking Privilege
Escalation
SECUNIA ADVISORY ID:
SA10897
VERIFY ADVISORY:
http://secunia.com/advisories/10897/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
Linux Kernel 2.2.x
Linux Kernel 2.4.x
Linux Kernel 2.6.x
DESCRIPTION:
Paul Starzetz has reported a vulnerability in the Linux kernel, which
can be exploited by malicious, local users to gain escalated
privileges on a vulnerable system.
The problem is that the "mremap()" system call doesn't check values
returned by the "do_munmap()" kernel function when moving VMAs
(Virtual Memory Areas) or parts thereof.
Successful exploitation allows execution of arbitrary code with
kernel level privileges.
The following versions are reportedly affected:
* Branch 2.2.x up to 2.2.25
* Branch 2.4.x up to 2.4.24
* Branch 2.6.x up to 2.6.2
Exploit code has reportedly been developed and will be released next
week.
NOTE: This is not the same vulnerability as the one reported early
January 2004 in the same system call.
SOLUTION:
Update to a non-vulnerable version.
http://www.kernel.org/
Grant only trusted users access to an affected system.
PROVIDED AND/OR DISCOVERED BY:
Paul Starzetz
ORIGINAL ADVISORY:
http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
OTHER REFERENCES:
SA10532:
http://secunia.com/advisories/10532/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]