lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 21 Feb 2004 04:14:54 +0100
From: Marc-Christian Petersen <m.c.p@....net>
To: bugtraq@...urityfocus.com
Cc: Pavel harry_x Palát <harry_x@...ylon5.cz>
Subject: Re: Hotfix for new mremap vulnerability


On Thursday 19 February 2004 17:32, Pavel harry_x Palát wrote:

Hi Pavel,

> Greetings,
>
> 	Here (http://wizard.ath.cx/fixmremap2.tar.gz) is small hotfix for newly
> discovered mremap() vulnerability. It
> doesn't directly change do_mremap() code, it just overwrites syscall
> handler with LKM. In my opinion it is enough to fix just mremap() syscall
> because at least on x86 there are no other functions which would use
> do_mremap directly. But this may not be true on others platforms (for
> example ia64)...
> The package contains the hotfix and a small proof of concept program which
> can be used to see if kernel is vulnerable.
> Use at your own risk.

- call the POC exploit on a vulnerable system
- echo "1000000" > /proc/sys/vm/max_map_count
- call the POC exploit again
- see the difference

Well, at least it prevents the POC exploit, maybe there's more though.

Kudos to the PaX team :)

-- 
ciao, Marc



Powered by blists - more mailing lists