BugTraq
Second critical mremap() bug found in all Linux kernels Feb 18 2004 12:01PM
Paul Starzetz (ihaquer isec pl) (3 replies)
Hotfix for new mremap vulnerability Feb 19 2004 04:32PM
Pavel harry_x Palát (harry_x babylon5 cz) (1 replies)
Greetings,

Here (http://wizard.ath.cx/fixmremap2.tar.gz) is a small hotfix for the newly
discovered mremap() vulnerability. It doesn't directly change the do_mremap()
code, it just overwrites the syscall handler with an LKM. In my opinion it is
enough to fix just the mremap() syscall because at least on x86 there are no
other functions which would use do_mremap directly. But this may not be true
on other platforms (for example ia64)...

The package contains the hotfix and a small proof of concept program which
can be used to see if the kernel is vulnerable.

Use at your own risk.

Pavel Palát

--
Pavel "harry_x" Palát
harry_x (at) babylon5 (dot) cz
irc: #mistral.cz on IRCnet

The only way of finding the limits to the possible is by going beyond them to the impossible
Arthur C. Clarke

Re: Hotfix for new mremap vulnerability Feb 21 2004 03:14AM
Marc-Christian Petersen (m c p gmx net)
Re: Second critical mremap() bug found in all Linux kernels Feb 19 2004 04:24AM
Dan Yefimov (dan D00M integrate com ru)
Re: Second critical mremap() bug found in all Linux kernels Feb 18 2004 04:20PM
Jared M Breland (Jared Breland ipaper com)


 

Copyright 2010, SecurityFocus