Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Vulnerability in the Linux kernel

Feb 18, 2004 12:05AM PST

Linux Kernel "mremap()" Missing Return Value Checking Privilege Escalation

Secunia Advisory: SA10897
Release Date: 2004-02-18
Critical: Less critical
Impact: Privilege escalation
Where: Local system

OS: Linux Kernel 2.2.x
Linux Kernel 2.4.x
Linux Kernel 2.6.x

Description:
Paul Starzetz has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to gain escalated privileges on a vulnerable system.

The problem is that the "mremap()" system call doesn't check values returned by the "do_munmap()" kernel function when moving VMAs (Virtual Memory Areas) or parts thereof.

Successful exploitation allows execution of arbitrary code with kernel level privileges.

The following versions are reportedly affected:
* Branch 2.2.x up to 2.2.25
* Branch 2.4.x up to 2.4.24
* Branch 2.6.x up to 2.6.2

Exploit code has reportedly been developed and will be released next week.

NOTE: This is not the same vulnerability as the one reported early January 2004 in the same system call.

Solution:
Update to a non-vulnerable version.
http://www.kernel.org/

Grant only trusted users access to an affected system.

http://secunia.com/advisories/10897/

Discussion is locked