lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 18 Feb 2004 11:49:51 -0800
From: <tlarholm@...x.com>
To: <steveb@...coinc.com>, <bugtraq@...urityfocus.com>
Subject: RE: Second critical mremap() bug found in all Linux kernels


The mremap() fix in the diff file for the 2.4.24-ow1 kernel patch dates
from January 8, 2004 (
http://www.openwall.com/linux/linux-2.4.24-ow1.tar.gz ).

The exact same code fix in the 2.4.23-ow2 kernel patch dates from
December 18, 2003 (
http://www.openwall.com/linux/linux-2.4.23-ow2.tar.gz ).

Kudos to OpenWall Project for discovering this last year, if they had
realized the implications of this bug they would probably have notified
the kernel developers back then. Perhaps it would be wise for the kernel
developers to look at what other potential issues OWP are proactively
protecting against.



Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 

-----Original Message-----
From: Steve Bremer [mailto:steveb@...coinc.com] 
Sent: Wednesday, February 18, 2004 8:05 AM
To: bugtraq@...urityfocus.com
Subject: Re: Second critical mremap() bug found in all Linux kernels



I think it's worth noting that those who have been using either the
2.4.23-ow2 or the 2.4.24-ow1 kernel patches from the Openwall Project
are not vulnerable to this latest mremap() bug.

Steve Bremer
NEBCO, Inc.
Systems & Security Administrator


Powered by blists - more mailing lists