CERT/CC Vulnerability Note VU#490620

Overview

There is a vulnerability in the Linux kernel memory management routines that allows local users to gain superuser privileges.

Description

The Linux kernel contains a vulnerability in the do_mremap() call that allows software to create a virtual memory area (VMA) with a length of 0 bytes. This vulnerability is reported to exist in versions 2.4.23 and earlier, excluding 2.2.x versions. Because the vulnerability is located within the kernel, multiple Linux distributions will be affected. An attacker with local access to an affected host may be able to exploit this vulnerability and gain superuser privileges.

Impact

This vulnerability allows local users to gain superuser privileges on affected hosts.

Solution

Apply a patch from your vendor

This vulnerability affects multiple Linux distributions; please see the Systems Affected section of this document for information on specific vendors.

Vendor Information

490620

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Conectiva Affected

Notified: January 05, 2004 Updated: August 19, 2004

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : kernel SUMMARY : Fix for two vulnerabilities DATE : 2004-01-05 13:46:00 ID : CLA-2004:799 RELEVANT RELEASES : 8, 9 - ------------------------------------------------------------------------- DESCRIPTION The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system. This announcement fixes two local vulnerabilities in the kernel package: 1) mremap() local vulnerability (CAN-2003-0985[2]) Paul Starzetz <ihaquer@isec.pl> from iSEC Security Research reported[1] another vulnerability in the Linux memory management code which can be used by local attackers to obtain root privileges or cause a denial of service condition (DoS). 2) Information leak in RTC code (CAN-2003-0984[3]) Russell King <rmk@arm.linux.org.uk> reported that real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. SOLUTION It is recommended that all Conectiva Linux users upgrade the kernel package. IMPORTANT: exercise caution and preparation when upgrading the kernel, since it will require a reboot after the new packages are installed. In particular, Conectiva Linux 9 will most likely require an initrd file (which is automatically created in the /boot directory after the new packages are installed). Generic kernel update instructions can be obtained in the manuals and in our faq page[4]. REFERENCES 1.http://isec.pl/vulnerabilities/isec-0013-mremap.txt 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0984 4.http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/8/SRPMS/kernel-2.4.19-1U80_20cl.src.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/devfsd-2.4.19-1U80_20cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_20cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_20cl.i586.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_20cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-BOOT-2.4.19-1U80_20cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-doc-2.4.19-1U80_20cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-enterprise-2.4.19-1U80_20cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-headers-2.4.19-1U80_20cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-rbc-2.4.19-1U80_20cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_20cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_20cl.i586.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_20cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-source-2.4.19-1U80_20cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/SRPMS/kernel24-2.4.21-31301U90_13cl.src.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/devfsd-2.4.21-31301U90_13cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_13cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_13cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_13cl.i586.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_13cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_13cl.pentium4.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-BOOT-2.4.21-31301U90_13cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-doc-2.4.21-31301U90_13cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_13cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_13cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_13cl.pentium4.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-rbc-2.4.21-31301U90_13cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-headers-2.4.21-31301U90_13cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_13cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_13cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_13cl.i586.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_13cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_13cl.pentium4.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-source-2.4.21-31301U90_13cl.i386.rpm ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en - ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en - ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en - ------------------------------------------------------------------------- Copyright (c) 2003 Conectiva Inc. http://www.conectiva.com - ------------------------------------------------------------------------- subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE/+Ybk42jd0JmAcZARAlJKAJ9x6rYu5qb5jtj4LcLlOiujzTQW/ACgvvTj uK6MQOfSZS/wH32ltbNIXt0= =ZgeM -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian Affected

Notified: January 06, 2004 Updated: August 19, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Debian has published several advisories to address this vulnerability across multiple processor architectures. For further details, please see the document that corresponds to your processor architecture and kernel version:

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Guardian Digital Inc. Affected

Notified: January 05, 2004 Updated: August 19, 2004

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------+
| Guardian Digital Security Advisory January 05, 2003 |
| http://www.guardiandigital.com ESA-20040105-001 |
| |
| Package: kernel |
| Summary: bug and security fixes. |
+------------------------------------------------------------------------+

EnGarde Secure Linux is an enterprise class Linux platform engineered
to enable corporations to quickly and cost-effectively build a complete
and secure Internet presence while preventing Internet threats.

OVERVIEW
- --------
This update fixes two security issues and one critical bug in the Linux
Kernel shipped with EnGarde Secure Linux.

A summary of the bugs fixed:

* An EnGarde-specific memory leak in the LIDS code has been fixed.
This memory leak could cause a machine, over time, to freeze up.

* A security vulnerability in the mremap(2) system call was recently
discovered by Paul Starzetz. The incorrect bounds checking done
in this system call could be exploited by a local user to gain root
privileges.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0985 to this issue.

* A somewhat less critical vulnerability has been found in the Linux
RTC code. This vulnerability may leak small bits of arbitrary
kernel memory to user land.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0984 to this issue.

Guardian Digital products affected by this issue include:

EnGarde Secure Community 2
EnGarde Secure Professional v1.5

It is recommended that all users apply this update as soon as possible.

SOLUTION
- --------
Guardian Digital Secure Network subscribers may automatically update
affected systems by accessing their account from within the Guardian
Digital WebTool.

To modify your GDSN account and contact preferences, please go to:

https://www.guardiandigital.com/account/

REFERENCES
- ----------
Guardian Digital's public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

Official Web Site of the Linux Kernel:
http://www.kernel.org/

Guardian Digital Advisories:
http://infocenter.guardiandigital.com/advisories/

Security Contact: security@guardiandigital.com

- --------------------------------------------------------------------------
Author: Ryan W. Maple <ryan@guardiandigital.com>
Copyright 2004, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/+XJ8HD5cqd57fu0RAletAKCLtCixF4Qvs9hes1S+9UiTZY/tNQCdFjm1
o6kgmRCVXNU+thpSaxg7zm0=
=MU9t
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MandrakeSoft Affected

Notified: January 07, 2004 Updated: August 19, 2004

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandrake Linux Security Update Advisory _______________________________________________________________________ Package name: kernel Advisory ID: MDKSA-2004:001 Date: January 7th, 2004 Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 ______________________________________________________________________ Problem Description: A flaw in bounds checking in mremap() in the Linux kernel versions 2.4.23 and previous was discovered by Paul Starzetz. This flaw may be used to allow a local attacker to obtain root privilege. Another minor information leak in the RTC (real time clock) routines was fixed as well. All Mandrake Linux users are encouraged to upgrade to these packages immediately. To update your kernel, please follow the directions located at: http://www.mandrakesecure.net/en/kernelupdate.php Mandrake Linux 9.1 and 9.2 users should upgrade the initscripts (9.1) and bootloader-utils (9.2) packages prior to upgrading the kernel as they contain a fixed installkernel script that fixes instances where the loop module was not being loaded and would cause mkinitrd to fail. Users requiring commercial NVIDIA drivers can find drivers for Mandrake Linux 9.2 at MandrakeClub. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0984 ______________________________________________________________________ Updated Packages: Corporate Server 2.1: 344b324173b04d135c00072452203021 corporate/2.1/RPMS/kernel-2.4.19.37mdk-1-1mdk.i586.rpm 558b3f1e0ae41705a7e9d934d49947c4 corporate/2.1/RPMS/kernel-enterprise-2.4.19.37mdk-1-1mdk.i586.rpm 6a06c2133a894e542caf6cedf72e6d89 corporate/2.1/RPMS/kernel-secure-2.4.19.37mdk-1-1mdk.i586.rpm 45aaeb3cf17a0d59adfabf63e6d8de6f corporate/2.1/RPMS/kernel-smp-2.4.19.37mdk-1-1mdk.i586.rpm fd3c78a32146b808d3355e375e2a05b4 corporate/2.1/RPMS/kernel-source-2.4.19-37mdk.i586.rpm adc06d97e9468534ec14e330b102180c corporate/2.1/SRPMS/kernel-2.4.19.37mdk-1-1mdk.src.rpm Corporate Server 2.1/x86_64: d3d77a7084d6d5a976a8a40285ba03b6 x86_64/corporate/2.1/RPMS/kernel-2.4.19.34mdk-1-1mdk.x86_64.rpm b2bb6374e1f0e2db7ea9d3f13b4a0d6f x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.34mdk-1-1mdk.x86_64.rpm 216d6cfcc6a3409228d1a5161c6b0aeb x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.34mdk-1-1mdk.x86_64.rpm 780d0a110c2512006a4e9cb52afe463c x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-34mdk.x86_64.rpm a1fb994e250ce11fc08e460dee0cddd5 x86_64/corporate/2.1/SRPMS/kernel-2.4.19.34mdk-1-1mdk.src.rpm Mandrake Linux 9.0: 344b324173b04d135c00072452203021 9.0/RPMS/kernel-2.4.19.37mdk-1-1mdk.i586.rpm 558b3f1e0ae41705a7e9d934d49947c4 9.0/RPMS/kernel-enterprise-2.4.19.37mdk-1-1mdk.i586.rpm 6a06c2133a894e542caf6cedf72e6d89 9.0/RPMS/kernel-secure-2.4.19.37mdk-1-1mdk.i586.rpm 45aaeb3cf17a0d59adfabf63e6d8de6f 9.0/RPMS/kernel-smp-2.4.19.37mdk-1-1mdk.i586.rpm fd3c78a32146b808d3355e375e2a05b4 9.0/RPMS/kernel-source-2.4.19-37mdk.i586.rpm adc06d97e9468534ec14e330b102180c 9.0/SRPMS/kernel-2.4.19.37mdk-1-1mdk.src.rpm Mandrake Linux 9.1: 2bde1321f95b49fa456ade29d03f0212 9.1/RPMS/initscripts-7.06-12.3.91mdk.i586.rpm 7e6a48635fc44714dd4efdd5714c1968 9.1/RPMS/kernel-2.4.21.0.27mdk-1-1mdk.i586.rpm f901e50a01fb020f31102a2cf494e817 9.1/RPMS/kernel-enterprise-2.4.21.0.27mdk-1-1mdk.i586.rpm 10c60ba7a25f1e7b3ea1f19636afcc6b 9.1/RPMS/kernel-secure-2.4.21.0.27mdk-1-1mdk.i586.rpm 6270d3d1ce00b5d85931145e1b27f8a4 9.1/RPMS/kernel-smp-2.4.21.0.27mdk-1-1mdk.i586.rpm 165628ae2d42c0f2f9bf894d3e9fc432 9.1/RPMS/kernel-source-2.4.21-0.27mdk.i586.rpm 8cfd6b274467b7165bd5985805254567 9.1/SRPMS/initscripts-7.06-12.3.91mdk.src.rpm b6cd338f787dc5062763004afa45e623 9.1/SRPMS/kernel-2.4.21.0.27mdk-1-1mdk.src.rpm Mandrake Linux 9.1/PPC: 08ec2073354e8d64ebf81a79cd5bc319 ppc/9.1/RPMS/initscripts-7.06-12.3.91mdk.ppc.rpm 84f9d61c4b504c6ccce1f87344d96692 ppc/9.1/RPMS/kernel-2.4.21.0.27mdk-1-1mdk.ppc.rpm b389e5b0bffa3e166c2960d8e032fab1 ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.27mdk-1-1mdk.ppc.rpm 0c0fd519aba807c43c78b89360ff26b1 ppc/9.1/RPMS/kernel-smp-2.4.21.0.27mdk-1-1mdk.ppc.rpm feec3693688aedea8defd75da9cf6919 ppc/9.1/RPMS/kernel-source-2.4.21-0.27mdk.ppc.rpm 8cfd6b274467b7165bd5985805254567 ppc/9.1/SRPMS/initscripts-7.06-12.3.91mdk.src.rpm b6cd338f787dc5062763004afa45e623 ppc/9.1/SRPMS/kernel-2.4.21.0.27mdk-1-1mdk.src.rpm Mandrake Linux 9.2: dbae8a701a027e2a0aeb524643d3cdee 9.2/RPMS/bootloader-utils-1.6-3.1.92mdk.i586.rpm 2f9b2ed7be3388932bbc319611a0b8b7 9.2/RPMS/kernel-2.4.22.26mdk-1-1mdk.i586.rpm b2f4fe01031d1bf8d26ea6c408be63f8 9.2/RPMS/kernel-enterprise-2.4.22.26mdk-1-1mdk.i586.rpm e0dc38c45880e6732a50feba5470eaac 9.2/RPMS/kernel-i686-up-4GB-2.4.22.26mdk-1-1mdk.i586.rpm f4c5098f1ef165692963956fbc844690 9.2/RPMS/kernel-p3-smp-64GB-2.4.22.26mdk-1-1mdk.i586.rpm 957ea9608c9e6488185e1d5b19d615e2 9.2/RPMS/kernel-secure-2.4.22.26mdk-1-1mdk.i586.rpm 6c9bc5e4353a8f336a4bfe928a79bd13 9.2/RPMS/kernel-smp-2.4.22.26mdk-1-1mdk.i586.rpm 8068ecb61313e6157811dbb8fe0f46a1 9.2/RPMS/kernel-source-2.4.22-26mdk.i586.rpm 664a1994ee4c0d90df8f9341afa5b818 9.2/SRPMS/bootloader-utils-1.6-3.1.92mdk.src.rpm 4d92e02dee3945e4b7476ba4bba9bf6d 9.2/SRPMS/kernel-2.4.22.26mdk-1-1mdk.src.rpm Mandrake Linux 9.2/AMD64: 603219ea9ca09a9283c98ebfaab3c1ba amd64/9.2/RPMS/bootloader-utils-1.6-3.1.92mdk.amd64.rpm 2d44e7cd4ff2148e3b9e548fd1beec59 amd64/9.2/RPMS/kernel-2.4.22.27mdk-1-1mdk.amd64.rpm e98224df11f1c5f8c2432457e1e4a004 amd64/9.2/RPMS/kernel-secure-2.4.22.27mdk-1-1mdk.amd64.rpm 0dd710693b0df96ac6b1e68c5f5ad7c9 amd64/9.2/RPMS/kernel-smp-2.4.22.27mdk-1-1mdk.amd64.rpm d3b57b8dd9a19a6b4ed2f8f01cfeb75f amd64/9.2/RPMS/kernel-source-2.4.22-27mdk.amd64.rpm 664a1994ee4c0d90df8f9341afa5b818 amd64/9.2/SRPMS/bootloader-utils-1.6-3.1.92mdk.src.rpm 945e4f9405fcccac6a844a86109b74b6 amd64/9.2/SRPMS/kernel-2.4.22.27mdk-1-1mdk.src.rpm Multi Network Firewall 8.2: 15023427ad0c65e0607e217778bc6672 mnf8.2/RPMS/kernel-secure-2.4.19.37mdk-1-1mdk.i586.rpm adc06d97e9468534ec14e330b102180c mnf8.2/SRPMS/kernel-2.4.19.37mdk-1-1mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing: gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98 Please be aware that sometimes it takes the mirrors a few hours to update. You can view other update advisories for Mandrake Linux at: http://www.mandrakesecure.net/en/advisories/ MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting: http://www.mandrakesecure.net/en/mlist.php If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE//ZQ2mqjQ0CJFipgRAhbiAJ9Ynq77P20SpN1fUtL/6T/6UHnGegCg8lul m3Iey37txkx7vLqlIj18EAo= =Bsd0 -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc. Affected

Notified: January 05, 2004 Updated: August 19, 2004

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated kernel resolves security vulnerability
Advisory ID: RHSA-2003:417-01
Issue date: 2004-01-05
Updated on: 2004-01-05
Product: Red Hat Linux
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2003-0984 CAN-2003-0985
- ---------------------------------------------------------------------

1. Topic:

Updated kernel packages are now available that fix a security
vulnerability which may allow local users to gain root privileges.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - athlon, i386, i586, i686
Red Hat Linux 7.2 - athlon, i386, i586, i686
Red Hat Linux 7.3 - athlon, i386, i586, i686
Red Hat Linux 8.0 - athlon, i386, i586, i686
Red Hat Linux 9 - athlon, i386, i586, i686

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux
kernel versions 2.4.23 and previous which may allow a local attacker to
gain root privileges. No exploit is currently available; however, it is
believed that this issue is exploitable (although not trivially.) The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0985 to this issue.

All users are advised to upgrade to these errata packages, which contain a
backported security patch that corrects this issue.

Red Hat would like to thank Paul Starzetz from ISEC for disclosing this
issue as well as Andrea Arcangeli and Solar Designer for working on the patch.

These packages also contain a fix for a minor information leak in the real
time clock (rtc) routines. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0984 to this issue.

We have provided kernel updates for Red Hat Linux 7.1-8.0 with this
advisory as these were prepared by us prior to December 31 2003. Please
note that Red Hat Linux 7.1, 7.2, 7.3, and 8.0 have reached their end of
life for errata support and no further errata will be issued for those
distributions.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

90338 - (TUX)password incorrectly parsed + patch to fix the problem

6. RPMs required:

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.20-28.7.src.rpm

athlon:
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.20-28.7.athlon.rpm
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.20-28.7.athlon.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.20-28.7.i386.rpm

ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.20-28.7.i386.rpm

i586:
ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.20-28.7.i586.rpm
ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.20-28.7.i586.rpm

i686:
ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.20-28.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.20-28.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.20-28.7.i686.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.20-28.7.src.rpm

athlon:
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.20-28.7.athlon.rpm
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.20-28.7.athlon.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.20-28.7.i386.rpm

i586:
ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.20-28.7.i586.rpm
ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.20-28.7.i586.rpm

i686:
ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.20-28.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.20-28.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.20-28.7.i686.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.20-28.7.src.rpm

athlon:
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.20-28.7.athlon.rpm
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.20-28.7.athlon.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.20-28.7.i386.rpm

i586:
ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.20-28.7.i586.rpm
ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.20-28.7.i586.rpm

i686:
ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.20-28.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.20-28.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.20-28.7.i686.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.20-28.8.src.rpm

athlon:
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.20-28.8.athlon.rpm
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.20-28.8.athlon.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.20-28.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.20-28.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.20-28.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-BOOT-2.4.20-28.8.i386.rpm

i586:
ftp://updates.redhat.com/8.0/en/os/i586/kernel-2.4.20-28.8.i586.rpm
ftp://updates.redhat.com/8.0/en/os/i586/kernel-smp-2.4.20-28.8.i586.rpm

i686:
ftp://updates.redhat.com/8.0/en/os/i686/kernel-2.4.20-28.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-smp-2.4.20-28.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.20-28.8.i686.rpm

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/kernel-2.4.20-28.9.src.rpm

athlon:
ftp://updates.redhat.com/9/en/os/athlon/kernel-2.4.20-28.9.athlon.rpm
ftp://updates.redhat.com/9/en/os/athlon/kernel-smp-2.4.20-28.9.athlon.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/kernel-2.4.20-28.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-source-2.4.20-28.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-doc-2.4.20-28.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-BOOT-2.4.20-28.9.i386.rpm

i586:
ftp://updates.redhat.com/9/en/os/i586/kernel-2.4.20-28.9.i586.rpm
ftp://updates.redhat.com/9/en/os/i586/kernel-smp-2.4.20-28.9.i586.rpm

i686:
ftp://updates.redhat.com/9/en/os/i686/kernel-2.4.20-28.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-smp-2.4.20-28.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-bigmem-2.4.20-28.9.i686.rpm

7. Verification:

MD5 sum Package Name
- --------------------------------------------------------------------------
6f37a0c884be50f702665dd418e7d8a5 7.1/en/os/SRPMS/kernel-2.4.20-28.7.src.rpm
85dabb948243fcd96fed1946217b3259 7.1/en/os/athlon/kernel-2.4.20-28.7.athlon.rpm
ba80fcbe3237ece886506446413d6330 7.1/en/os/athlon/kernel-smp-2.4.20-28.7.athlon.rpm
a4b2cd2ad6acb98c045a0644add55ef8 7.1/en/os/i386/kernel-2.4.20-28.7.i386.rpm
46cbf5df2050e923343be59c26eb5714 7.1/en/os/i386/kernel-BOOT-2.4.20-28.7.i386.rpm
9e64a9b15edc09d4a0f75513445f4021 7.1/en/os/i386/kernel-doc-2.4.20-28.7.i386.rpm
dbc9c6aa900467f4182306545d3bed81 7.1/en/os/i386/kernel-source-2.4.20-28.7.i386.rpm
46325c861ee83b2f679b9f8563f2e441 7.1/en/os/i586/kernel-2.4.20-28.7.i586.rpm
51ede5686dc0997c76a14d523e057e67 7.1/en/os/i586/kernel-smp-2.4.20-28.7.i586.rpm
ab86ca21757966e2f49d58438b26253a 7.1/en/os/i686/kernel-2.4.20-28.7.i686.rpm
78229375349f57c62f0f1837770cc3f0 7.1/en/os/i686/kernel-bigmem-2.4.20-28.7.i686.rpm
4321ad444747e8e3ebf6e7576b08d6db 7.1/en/os/i686/kernel-smp-2.4.20-28.7.i686.rpm
6f37a0c884be50f702665dd418e7d8a5 7.2/en/os/SRPMS/kernel-2.4.20-28.7.src.rpm
85dabb948243fcd96fed1946217b3259 7.2/en/os/athlon/kernel-2.4.20-28.7.athlon.rpm
ba80fcbe3237ece886506446413d6330 7.2/en/os/athlon/kernel-smp-2.4.20-28.7.athlon.rpm
a4b2cd2ad6acb98c045a0644add55ef8 7.2/en/os/i386/kernel-2.4.20-28.7.i386.rpm
46cbf5df2050e923343be59c26eb5714 7.2/en/os/i386/kernel-BOOT-2.4.20-28.7.i386.rpm
9e64a9b15edc09d4a0f75513445f4021 7.2/en/os/i386/kernel-doc-2.4.20-28.7.i386.rpm
dbc9c6aa900467f4182306545d3bed81 7.2/en/os/i386/kernel-source-2.4.20-28.7.i386.rpm
46325c861ee83b2f679b9f8563f2e441 7.2/en/os/i586/kernel-2.4.20-28.7.i586.rpm
51ede5686dc0997c76a14d523e057e67 7.2/en/os/i586/kernel-smp-2.4.20-28.7.i586.rpm
ab86ca21757966e2f49d58438b26253a 7.2/en/os/i686/kernel-2.4.20-28.7.i686.rpm
78229375349f57c62f0f1837770cc3f0 7.2/en/os/i686/kernel-bigmem-2.4.20-28.7.i686.rpm
4321ad444747e8e3ebf6e7576b08d6db 7.2/en/os/i686/kernel-smp-2.4.20-28.7.i686.rpm
6f37a0c884be50f702665dd418e7d8a5 7.3/en/os/SRPMS/kernel-2.4.20-28.7.src.rpm
85dabb948243fcd96fed1946217b3259 7.3/en/os/athlon/kernel-2.4.20-28.7.athlon.rpm
ba80fcbe3237ece886506446413d6330 7.3/en/os/athlon/kernel-smp-2.4.20-28.7.athlon.rpm
a4b2cd2ad6acb98c045a0644add55ef8 7.3/en/os/i386/kernel-2.4.20-28.7.i386.rpm
46cbf5df2050e923343be59c26eb5714 7.3/en/os/i386/kernel-BOOT-2.4.20-28.7.i386.rpm
9e64a9b15edc09d4a0f75513445f4021 7.3/en/os/i386/kernel-doc-2.4.20-28.7.i386.rpm
dbc9c6aa900467f4182306545d3bed81 7.3/en/os/i386/kernel-source-2.4.20-28.7.i386.rpm
46325c861ee83b2f679b9f8563f2e441 7.3/en/os/i586/kernel-2.4.20-28.7.i586.rpm
51ede5686dc0997c76a14d523e057e67 7.3/en/os/i586/kernel-smp-2.4.20-28.7.i586.rpm
ab86ca21757966e2f49d58438b26253a 7.3/en/os/i686/kernel-2.4.20-28.7.i686.rpm
78229375349f57c62f0f1837770cc3f0 7.3/en/os/i686/kernel-bigmem-2.4.20-28.7.i686.rpm
4321ad444747e8e3ebf6e7576b08d6db 7.3/en/os/i686/kernel-smp-2.4.20-28.7.i686.rpm
7ff4997770e18fd8dfa94dde6ccd9f05 8.0/en/os/SRPMS/kernel-2.4.20-28.8.src.rpm
69096d7bf580f241c2774a75d19a4f6b 8.0/en/os/athlon/kernel-2.4.20-28.8.athlon.rpm
07cc69196376c7cbcad2c4a93aff0be0 8.0/en/os/athlon/kernel-smp-2.4.20-28.8.athlon.rpm
a97ba9aea863b5b49f26259f105e8d8f 8.0/en/os/i386/kernel-2.4.20-28.8.i386.rpm
ab4eac1f8c255a9d70808469e46e918c 8.0/en/os/i386/kernel-BOOT-2.4.20-28.8.i386.rpm
210eb290286bb696f94e9ebe5399d67e 8.0/en/os/i386/kernel-doc-2.4.20-28.8.i386.rpm
312b7e646dc4825617d3a9b485957c67 8.0/en/os/i386/kernel-source-2.4.20-28.8.i386.rpm
90ddcdf7660107c2e297bd2531b4a544 8.0/en/os/i586/kernel-2.4.20-28.8.i586.rpm
25692d7064ab7bc55a17c53ee24e9d3d 8.0/en/os/i586/kernel-smp-2.4.20-28.8.i586.rpm
91ca2b2685cf6c5e0b8d1b9043865bea 8.0/en/os/i686/kernel-2.4.20-28.8.i686.rpm
3fecc24946697e5dd0428df38cbb2198 8.0/en/os/i686/kernel-bigmem-2.4.20-28.8.i686.rpm
40d954506e1b0ad60c7f150d76872ec5 8.0/en/os/i686/kernel-smp-2.4.20-28.8.i686.rpm
5eb1ef7c29f3bd5e3afb9c41d5f688e5 9/en/os/SRPMS/kernel-2.4.20-28.9.src.rpm
954a8afbe2216769a4aaa5b0b597612f 9/en/os/athlon/kernel-2.4.20-28.9.athlon.rpm
198dfae0a67d9aa91f367e90e1a264c7 9/en/os/athlon/kernel-smp-2.4.20-28.9.athlon.rpm
a398b7f0a741ab95ab0b66929c48dc95 9/en/os/i386/kernel-2.4.20-28.9.i386.rpm
e394c681c64e22a94ed22dd8a510aad0 9/en/os/i386/kernel-BOOT-2.4.20-28.9.i386.rpm
8355d266e3c354e97099add60ea25331 9/en/os/i386/kernel-doc-2.4.20-28.9.i386.rpm
12ad6c3ad16ddee2ad6c3ba579005a9d 9/en/os/i386/kernel-source-2.4.20-28.9.i386.rpm
0047dac37b4f888e53b5b304524b795d 9/en/os/i586/kernel-2.4.20-28.9.i586.rpm
08a3391dcb7f5532310ce234d2570bd0 9/en/os/i586/kernel-smp-2.4.20-28.9.i586.rpm
6cdbe7002a6834dc1aa27cc5f47ba5a7 9/en/os/i686/kernel-2.4.20-28.9.i686.rpm
3788274eba272ef23704bec4cb19e4af 9/en/os/i686/kernel-bigmem-2.4.20-28.9.i686.rpm
d9fe2e46b08f596e19a49ae724d2db5a 9/en/os/i686/kernel-smp-2.4.20-28.9.i686.rpm

These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

md5sum <filename>

8. References:

http://www.securityfocus.com/bid/9154/discussion/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/+V6NXlSAg2UNWIIRAmTUAJ4umvzPTN6Fa6RxQnjpiv3tUvhTtwCgkNnu
8haiGz6VTVazKRDmIKAa7Yo=
=2MIc
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SGI Affected

Notified: January 22, 2004 Updated: March 16, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

SGI has published two advisories to address this vulnerability. For more information, please see:

ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U.asc

ftp://patches.sgi.com/support/free/security/advisories/20040204-01-U.asc

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Slackware Affected

Notified: January 06, 2004 Updated: March 16, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Slackware has published several advisories to address this vulnerability. For further information, please see:

http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2004&m=slackware-security.757729

http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2004&m=slackware-security.458438

http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2004&m=slackware-security.541911

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SuSE Inc. Affected

Notified: January 05, 2004 Updated: August 19, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

SuSE has published Security Announcements SuSE-SA:2004:001 and SuSE-SA:2004:003 to address this vulnerability.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Trustix Secure Linux Affected

Notified: January 05, 2004 Updated: March 09, 2004

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2004-0001 Package name: kernel Summary: mremap fix Date: 2004-01-05 Affected versions: TSL 2.0 - -------------------------------------------------------------------------- Package description: The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Problem description: The kernel packages prior to this update suffers from a bug in the mremap function. This issue is fixed in this update. We have also fixed some minor bugs in the structure of the packages. Action: We recommend that all systems with this package installed be upgraded. Location: All TSL updates are available from <URI:http://http.trustix.org/pub/trustix/updates/> <URI:ftp://ftp.trustix.org/pub/trustix/updates/> About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Public testing: Most updates for Trustix are made available for public testing some time before release. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist. The testing tree is located at <URI:http://tsldev.trustix.org/cloud/> You may also use swup for public testing of updates: site { class = 0 location = "http://tsldev.trustix.org/cloud/rdfs/latest.rdf" regexp = ".*" } Questions? Check out our mailing lists: <URI:http://www.trustix.org/support/> Verification: This advisory along with all TSL packages are signed with the TSL sign key. This key is available from: <URI:http://www.trustix.org/TSL-SIGN-KEY> The advisory itself is available from the errata pages at <URI:http://www.trustix.org/errata/trustix-2.0/> or directly at <URI:http://www.trustix.org/errata/misc/2004/TSL-2004-0001-kernel.asc.txt> MD5sums of the packages: - -------------------------------------------------------------------------- 21778052346a0cf581056c4d4fdd9fed ./srpms/kernel-2.4.23-3tr.src.rpm d4c33e78d6d445419c0375cf847d01f0 ./rpms/kernel-utils-2.4.23-3tr.i586.rpm 48ff81d9a03a77e4f875c5a7260e8001 ./rpms/kernel-source-2.4.23-3tr.i586.rpm ffdccc0e67d07cd8f0af89e7bc6c6f27 ./rpms/kernel-smp-2.4.23-3tr.i586.rpm 38566364225adfc7c007d42f50d8cdc3 ./rpms/kernel-firewallsmp-2.4.23-3tr.i586.rpm 8c04b18da1337768187b72aa624bc196 ./rpms/kernel-firewall-2.4.23-3tr.i586.rpm d73cb52aa25892d9eab03090f5ec6cd2 ./rpms/kernel-doc-2.4.23-3tr.i586.rpm 7206d43149f8fa1b23d31dfa18387e08 ./rpms/kernel-BOOT-2.4.23-3tr.i586.rpm 97cbc7221af8904515eb728eeae34eeb ./rpms/kernel-2.4.23-3tr.i586.rpm - -------------------------------------------------------------------------- TSL Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/+YW+i8CEzsK9IksRAtIMAKCinbMfyABrMoRmG5Sm32k5+80IUQCgrKtR NYvos8discldMQgmL5iQIis= =SDI8 -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

TurboLinux Affected

Notified: January 06, 2004 Updated: March 09, 2004

Status

Affected

Vendor Statement

<supp_info@turbolinux.co.jp> Thank you! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/+jHsK0LzjOqIJMwRAmKgAJ9lsDB19QPplRaX2f9bjekaMPkCtACeNgfi 9CSZg6sN3tPlfNhFr4q+PAk= =uB9b -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

VMware Affected

Notified: January 28, 2004 Updated: March 16, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

VMware has published multiple advisories to address this vulnerability. For more information, see:

http://www.vmware.com/download/esx/esx201-6991update.html

http://www.vmware.com/download/esx/esx20-6992update.html

http://www.vmware.com/download/esx/esx152-6994update.html

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company Unknown

Updated: August 19, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM eServer Unknown

Updated: August 19, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ingrian Networks Unknown

Updated: August 19, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software Unknown

Updated: August 19, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell Unknown

Updated: August 19, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux Unknown

Updated: August 19, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sequent Unknown

Updated: August 19, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems Inc. Unknown

Updated: August 19, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wirex Unknown

Notified: March 16, 2004 Updated: August 19, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

View all 20 vendors View less vendors

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was discovered by Paul Starzetz.

This document was written by Jeffrey P. Lanza.

Other Information

CVE IDs:	CVE-2003-0985
Severity Metric:	13.54
Date Public:	2004-01-05
Date First Published:	2004-03-09
Date Last Updated:	2004-08-19 23:33 UTC
Document Revision:	23

Software Engineering Institute

CERT Coordination Center

Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length

Vulnerability Note VU#490620

Overview

Description

Impact

Solution

Vendor Information

Conectiva Affected

Status

Vendor Statement

Vendor Information

Addendum

Debian Affected

Status

Vendor Statement

Vendor Information

Addendum

Guardian Digital Inc. Affected

Status

Vendor Statement

Vendor Information

Addendum

MandrakeSoft Affected

Status

Vendor Statement

Vendor Information

Addendum

Red Hat Inc. Affected

Status

Vendor Statement

Vendor Information

Addendum

SGI Affected

Status

Vendor Statement

Vendor Information

Addendum

Slackware Affected

Status

Vendor Statement

Vendor Information

Addendum

SuSE Inc. Affected

Status

Vendor Statement

Vendor Information

Addendum

Trustix Secure Linux Affected

Status

Vendor Statement

Vendor Information

Addendum

TurboLinux Affected

Status

Vendor Statement

Vendor Information

Addendum

VMware Affected

Status

Vendor Statement

Vendor Information

Addendum

Hewlett-Packard Company Unknown

Status

Vendor Statement

Vendor Information

Addendum

IBM eServer Unknown

Status

Vendor Statement

Vendor Information

Addendum

Ingrian Networks Unknown

Status

Vendor Statement

Vendor Information

Addendum

MontaVista Software Unknown