Bugtraq mailing list archives
RE: Linux kernel do_mremap() proof-of-concept exploit code
From: <tlarholm () pivx com>
Date: Tue, 6 Jan 2004 10:08:10 -0800
From: Bruno Lustosa [mailto:bruno () lustosa net] Tested it under Linux 2.6.1-rc1, and surprisingly, the machine rebooted instantly. Isn't the mremap bug supposed to be fixed on the 2.6 series?
It is, but not in 2.6.1-rc1.
From http://isec.pl/vulnerabilities/isec-0013-mremap.txt:
"Version: 2.2, 2.4 and 2.6 series" "The exploitability of the discovered vulnerability is possible, although not a trivial one. We have identified at least two different attack vectors for the 2.4 kernel series." And from http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.1-rc2 "<torvalds () home osdl org> Don't allow mremap of zero-sized areas." The do_mremap() vulnerability is fixed in the 2.6 kernel only in 2.6.1-rc2, where as you tested on 2.6.1-rc1. The latest version of the 2.2 kernel is 2.2.25, but there was no immediate changelog available. However, it was created on January 3 so I suspect it would have the patch? Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor () pivx com 949-231-8496 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net>
Current thread:
- Linux kernel do_mremap() proof-of-concept exploit code Christophe Devine (Jan 06)
- Re: Linux kernel do_mremap() proof-of-concept exploit code Bruno Lustosa (Jan 06)
- Re: Linux kernel do_mremap() proof-of-concept exploit code Alexandre Hautequest (Jan 06)
- Re: Linux kernel do_mremap() proof-of-concept exploit code Angelo Dell'Aera (Jan 07)
- Re: Linux kernel do_mremap() proof-of-concept exploit code D Lambrou (Jan 07)
- <Possible follow-ups>
- RE: Linux kernel do_mremap() proof-of-concept exploit code tlarholm (Jan 06)