lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 21 Feb 2004 04:14:54 +0100 From: Marc-Christian Petersen <m.c.p@....net> To: bugtraq@...urityfocus.com Cc: Pavel harry_x Palát <harry_x@...ylon5.cz> Subject: Re: Hotfix for new mremap vulnerability On Thursday 19 February 2004 17:32, Pavel harry_x Palát wrote: Hi Pavel, > Greetings, > > Here (http://wizard.ath.cx/fixmremap2.tar.gz) is small hotfix for newly > discovered mremap() vulnerability. It > doesn't directly change do_mremap() code, it just overwrites syscall > handler with LKM. In my opinion it is enough to fix just mremap() syscall > because at least on x86 there are no other functions which would use > do_mremap directly. But this may not be true on others platforms (for > example ia64)... > The package contains the hotfix and a small proof of concept program which > can be used to see if kernel is vulnerable. > Use at your own risk. - call the POC exploit on a vulnerable system - echo "1000000" > /proc/sys/vm/max_map_count - call the POC exploit again - see the difference Well, at least it prevents the POC exploit, maybe there's more though. Kudos to the PaX team :) -- ciao, Marc
Powered by blists - more mailing lists