Message-ID: <4034048A.50407@lorch.cc>
From: ml-daniel at lorch.cc (Daniel Lorch)
Subject: Second critical mremap() bug found in all Linux
 kernels

hi

I checked LKML and Marcelo seems to recommend upgrading to 2.4.25.
This is currently not an option for me, as
grsecurity-1.9.13-2.4.24.patch won't properly apply against it. A
friend (thanks, Eike Frost) then pointed me to the following URL
(bkbits repository):

http://linux.bkbits.net:8080/linux-2.4/diffs/mm/mremap.c@...?nav=index.html|ChangeSet@...|cset@...323

After applying this patch the PoC provided by Christophe Devine
reports "kernel may not be vulnerable". This seems to have resolved
the issue. Hope this helps others, too.

$ uname -a
Linux tsunami4 2.4.24-grsec #3 Thu Feb 19 01:00:39 CET 2004 i686 unknown

$ ./a.out
mmap: Cannot allocate memory
created ~65531 VMAs
now mremapping 0x3FFE9000 at 0x3FFE5000
kernel may not be vulnerable

daniel


