Rumors of Third Vulnerability in Linux Kernel Prove Unfounded

    Date: 10 Mar 2004
    Posted By: Anthony Pell
    A story published yesterday by SearchEnterpriseLinux.com incorrectly reported that a third mremap vulnerability had been discovered in the Linux kernel.

    Separate and unrelated flaws had been reported in the memory management system call in January and February. On March 1, researcher Paul Starzetz released an update to his initial advisory stating that robust proof-of-concept exploit code had been produced for the flaw detailed in February.

    "The vulnerability is very easy to exploit once you have got local (shell) access to the system," Starzetz said in an e-mail to SearchEnterpriseLinux.com.

    The flaws enable attackers to gain root access to vulnerable systems, Starzetz said.

    "Both bugs have been found in the same piece of code. The first one [released Jan. 5] was due to invalid argument input to the mremap system call. The second [released Jan. 18] concerns an unchecked use of the do_munmap internal kernel function inside the mremap code which may be forced to fail by preparing the virtual memory of the calling process in a special way," Starzetz said.

    The flaw, deemed critical, was discovered by Starzetz and his research team at Polish security consultancy iSec. Kernel versions up to and including 2.2.25, 2.4 to 2.4.24 and 2.6 and up are affected and should be repaired immediately by downloading fixes from kernel.org or a Linux distributor.

    "Since no special privileges are required to use the mremap system call any process may use its unexpected behavior to disrupt the kernel memory management subsystem," said an alert from iSec. "Proper exploitation of this vulnerability leads to local privilege escalation giving an attacker full super-user privileges."
