Vulnerability Note VU#490620

Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length

Original Release date: 09 Mar 2004 | Last revised: 19 Aug 2004

Overview

There is a vulnerability in the Linux kernel memory management routines that allows local users to gain superuser privileges.

Description

The Linux kernel contains a vulnerability in the do_mremap() call that allows software to create a virtual memory area (VMA) with a length of 0 bytes. This vulnerability is reported to exist in versions 2.4.23 and earlier, excluding 2.2.x versions. Because the vulnerability is located within the kernel, multiple Linux distributions will be affected. An attacker with local access to an affected host may be able to exploit this vulnerability and gain superuser privileges.

Impact

This vulnerability allows local users to gain superuser privileges on affected hosts.

Solution

Apply a patch from your vendor

This vulnerability affects multiple Linux distributions; please see the Systems Affected section of this document for information on specific vendors.
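
As an added example (not part of the original note or of any vendor's tooling), the shell functions below classify kernel release strings against the range stated in the Description, read literally: every release up to 2.4.23 except 2.2.x. The function names, hostnames and releases in the sample inventory are constructed for illustration. Because vendors backport fixes, an "in-range" verdict means the vendor advisory should be checked, not that the host is unpatched.

```shell
#!/bin/sh
# Classify kernel release strings against the range VU#490620 states,
# read literally: up to 2.4.23, excluding 2.2.x (assumed interpretation).
# Verdicts: in-range | excluded-2.2 | outside-range | unparsed

classify_kernel() {
    # Keep only the leading MAJOR.MINOR.PATCH part: "2.4.20-8smp" -> "2.4.20"
    base=${1%%[!0-9.]*}
    case $base in
        ''|.*|*.|*..*) echo unparsed; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    [ $# -ge 3 ] || { echo unparsed; return 0; }
    maj=$1 min=$2 pat=$3
    if [ "$maj" -eq 2 ] && [ "$min" -eq 2 ]; then
        echo excluded-2.2
    elif [ "$maj" -lt 2 ] ||
         { [ "$maj" -eq 2 ] && [ "$min" -lt 4 ]; } ||
         { [ "$maj" -eq 2 ] && [ "$min" -eq 4 ] && [ "$pat" -le 23 ]; }; then
        echo in-range
    else
        echo outside-range   # the note makes no statement about this release
    fi
    return 0
}

# Read "hostname release" lines on stdin, print "hostname release verdict".
triage_inventory() {
    while read -r host rel; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$rel" "$(classify_kernel "$rel")"
    done
    return 0
}

# Constructed sample inventory (hostnames and releases are made up).
sample_inventory() {
    cat <<'EOF'
web01 2.4.20-8smp
db01 2.2.25
build01 2.4.24
lab01 2.6.1
old01 custom-kernel
EOF
}

sample_inventory | triage_inventory
```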

Systems Affected

Vendor                    Status    Date Notified  Date Updated
Conectiva                 Affected  05 Jan 2004    19 Aug 2004
Debian                    Affected  06 Jan 2004    19 Aug 2004
Guardian Digital Inc.     Affected  05 Jan 2004    19 Aug 2004
MandrakeSoft              Affected  07 Jan 2004    19 Aug 2004
Red Hat Inc.              Affected  05 Jan 2004    19 Aug 2004
SGI                       Affected  22 Jan 2004    16 Mar 2004
Slackware                 Affected  06 Jan 2004    16 Mar 2004
SuSE Inc.                 Affected  05 Jan 2004    19 Aug 2004
Trustix Secure Linux      Affected  05 Jan 2004    09 Mar 2004
TurboLinux                Affected  06 Jan 2004    09 Mar 2004
VMware                    Affected  28 Jan 2004    16 Mar 2004
Hewlett-Packard Company   Unknown   -              19 Aug 2004
IBM eServer               Unknown   -              19 Aug 2004
Ingrian Networks          Unknown   -              19 Aug 2004
MontaVista Software       Unknown   -              19 Aug 2004

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A

Credit

This vulnerability was discovered by Paul Starzetz.

This document was written by Jeffrey P. Lanza.

Other Information

  • CVE IDs: CAN-2003-0985
  • Date Public: 05 Jan 2004
  • Date First Published: 09 Mar 2004
  • Date Last Updated: 19 Aug 2004
  • Severity Metric: 13.54
  • Document Revision: 23

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.