TurboLinux Information for VU#490620

Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 06/Jan/2004
============================================================

The following page contains the security information of Turbolinux Inc.

- Turbolinux Security Center
  http://www.turbolinux.com/security/

(1) kernel -> kernel mremap vulnerability


===========================================================
* kernel -> kernel mremap vulnerability
===========================================================

More information :
   The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system.
   The kernel handles the basic functions of the operating system.
   The Linux memory management subsystem (mremap) isssue have been discovered in Kernel2.4.

Impact :
   The local users may be able to gain root privileges.

Affected Products :
   - Turbolinux 8 Server
   - Turbolinux 8 Workstation
   - Turbolinux 7 Server
   - Turbolinux 7 Workstation

Solution :
   Please use turbopkg(zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
# zabom update kernel kernel-BOOT kernel-doc kernel-headers kernel-pcmcia-cs kernel-smp kernel-smp64G kernel-source
---------------------------------------------


<Turbolinux 8 Server>

  Source Packages
  Size : MD5

  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/kernel-2.4.18-16.src.rpm
    41913762 bb068af1293917a5830bc39939c7ed60

  Binary Packages
  Size : MD5

  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-2.4.18-16.i586.rpm
    14072693 1e2dfa0a3a6f90daaa15d48a34082c31
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-BOOT-2.4.18-16.i586.rpm
     7100767 f2ab93bca6266a0484828d697af11d79
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-doc-2.4.18-16.i586.rpm
     1457894 ab50b07561aefd7ad8953ed599867163
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-headers-2.4.18-16.i586.rpm
     1815780 77d5fa6d227e8124bc9746f0f3e8da76
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-16.i586.rpm
      329042 d2672266844a19e9b8aeb290d817e4e3
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp-2.4.18-16.i586.rpm
    14551108 9c0260f2032f0a9411b48030e37ecc6e
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp64G-2.4.18-16.i586.rpm
    14540333 e4bc5e66c81abf489645ebbd593ba558
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-source-2.4.18-16.i586.rpm
    26537903 6d29fd4d02d927970fc18e4f9b4bde3d

<Turbolinux 8 Workstation>

  Source Packages
  Size : MD5

  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/kernel-2.4.18-16.src.rpm
    41913762 bb068af1293917a5830bc39939c7ed60

  Binary Packages
  Size : MD5

  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-2.4.18-16.i586.rpm
    14072693 1e2dfa0a3a6f90daaa15d48a34082c31
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-BOOT-2.4.18-16.i586.rpm
     7100767 f2ab93bca6266a0484828d697af11d79
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-doc-2.4.18-16.i586.rpm
     1457894 ab50b07561aefd7ad8953ed599867163
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-headers-2.4.18-16.i586.rpm
     1815780 77d5fa6d227e8124bc9746f0f3e8da76
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-16.i586.rpm
      329042 d2672266844a19e9b8aeb290d817e4e3
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp-2.4.18-16.i586.rpm
    14551108 9c0260f2032f0a9411b48030e37ecc6e
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp64G-2.4.18-16.i586.rpm
    14540333 e4bc5e66c81abf489645ebbd593ba558
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-source-2.4.18-16.i586.rpm
    26537903 6d29fd4d02d927970fc18e4f9b4bde3d

<Turbolinux 7 Server>

  Source Packages
  Size : MD5

  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/kernel-2.4.18-16.src.rpm
    41913762 bb068af1293917a5830bc39939c7ed60

  Binary Packages
  Size : MD5

  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-2.4.18-16.i586.rpm
    14072693 1e2dfa0a3a6f90daaa15d48a34082c31
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-BOOT-2.4.18-16.i586.rpm
     7100767 f2ab93bca6266a0484828d697af11d79
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-doc-2.4.18-16.i586.rpm
     1457894 ab50b07561aefd7ad8953ed599867163
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-headers-2.4.18-16.i586.rpm
     1815780 77d5fa6d227e8124bc9746f0f3e8da76
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-16.i586.rpm
      329042 d2672266844a19e9b8aeb290d817e4e3
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp-2.4.18-16.i586.rpm
    14551108 9c0260f2032f0a9411b48030e37ecc6e
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp64G-2.4.18-16.i586.rpm
    14540333 e4bc5e66c81abf489645ebbd593ba558
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-source-2.4.18-16.i586.rpm
    26537903 6d29fd4d02d927970fc18e4f9b4bde3d

<Turbolinux 7 Workstation>

  Source Packages
  Size : MD5

  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/kernel-2.4.18-16.src.rpm
    41913762 bb068af1293917a5830bc39939c7ed60

  Binary Packages
  Size : MD5

  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-2.4.18-16.i586.rpm
    14072693 1e2dfa0a3a6f90daaa15d48a34082c31
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-BOOT-2.4.18-16.i586.rpm
     7100767 f2ab93bca6266a0484828d697af11d79
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-doc-2.4.18-16.i586.rpm
     1457894 ab50b07561aefd7ad8953ed599867163
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-headers-2.4.18-16.i586.rpm
     1815780 77d5fa6d227e8124bc9746f0f3e8da76
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-16.i586.rpm
      329042 d2672266844a19e9b8aeb290d817e4e3
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp-2.4.18-16.i586.rpm
    14551108 9c0260f2032f0a9411b48030e37ecc6e
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp64G-2.4.18-16.i586.rpm
    14540333 e4bc5e66c81abf489645ebbd593ba558
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-source-2.4.18-16.i586.rpm
    26537903 6d29fd4d02d927970fc18e4f9b4bde3d


References :

CVE
  [CAN-2003-0985]
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985


* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

 http://www.turbolinux.com/download/zabom.html
 http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
* To obtain the public key

Here is the public key

http://www.turbolinux.com/security/

* To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
 you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

* To change your email address

If you ever want to chage email address in this mailing list,
 you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the following command in the message body:

 chaddr 'old address' 'new address'

If you have any questions or problems, please contact

<supp_info@turbolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/+jHsK0LzjOqIJMwRAmKgAJ9lsDB19QPplRaX2f9bjekaMPkCtACeNgfi
9CSZg6sN3tPlfNhFr4q+PAk=
=uB9b
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.