| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Jan 2004 10:08:10 -0800 From: <tlarholm@...x.com> To: <bruno@...tosa.net>, <bugtraq@...urityfocus.com> Subject: RE: Linux kernel do_mremap() proof-of-concept exploit code > From: Bruno Lustosa [mailto:bruno@...tosa.net] > Tested it under Linux 2.6.1-rc1, and surprisingly, > the machine rebooted instantly. Isn't the mremap > bug supposed to be fixed on the 2.6 series? It is, but not in 2.6.1-rc1. >From http://isec.pl/vulnerabilities/isec-0013-mremap.txt: "Version: 2.2, 2.4 and 2.6 series" "The exploitability of the discovered vulnerability is possible, although not a trivial one. We have identified at least two different attack vectors for the 2.4 kernel series." And from http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.1-rc2 "<torvalds@...e.osdl.org> Don't allow mremap of zero-sized areas." The do_mremap() vulnerability is fixed in the 2.6 kernel only in 2.6.1-rc2, where as you tested on 2.6.1-rc1. The latest version of the 2.2 kernel is 2.2.25, but there was no immediate changelog available. However, it was created on January 3 so I suspect it would have the patch? Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor@...x.com 949-231-8496 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net>
Powered by blists - more mailing lists