Well, look at that, I really was right lol!

http://isec.pl/vulnerabilities/isec-0013-mremap.txt

Impact:
=======

Since no special privileges are required to use the mremap(2) system call any process may misuse its unexpected behavior to disrupt the kernel memory management subsystem. Proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access. Proof-of-concept exploit code has been created and successfully tested giving UID 0 shell on vulnerable systems.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

On Mon, 5 Jan 2004, Mihai RUSU wrote:

> Hi
>
> There is an important local root compromise bug (I think) in mremap.c, so
> move to 2.4.24 quickly (those who follow lkml were, I think, amused by the
> speed with which 2.4.24-rc1 became 2.4.24 lol).
>
> The patch I am talking about would be:
> --- linux-2.4.23/mm/mremap.c 2003-08-25 11:44:44.000000000 +0000 > +++ linux-2.4.24-rc1/mm/mremap.c 2004-01-04 20:52:19.000000000 > +0000 > @@ -241,6 +241,13 @@ > > if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len) > goto out; > + /* > + * Allow new_len == 0 only if new_addr == addr > + * to preserve truncation in place (that was working > + * safe and some app may depend on it). > + */ > + if (unlikely(!new_len && new_addr != addr)) > + goto out; > > /* Check if the location we're moving into overlaps the > * old location at all, and fail if it does.
>
> PS: :((( and I had just booted 2.4.24-rc1 lol!
>
> --
> Mihai RUSU Email: [EMAIL PROTECTED]
> GPG : http://dizzy.roedu.net/dizzy-gpg.txt WWW: http://dizzy.roedu.net
> "Linux is obsolete" -- AST

> Date: Mon, 5 Jan 2004 05:55:57 -0800
> From: Marcelo Tosatti <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: linux-2.4.24 released
>
> final:
>
> - 2.4.24-rc1 was released as 2.4.24 with no changes.
>
>
> Summary of changes from v2.4.23 to v2.4.24-rc1
> ============================================
>
> <bjorn.helgaas:hp.com>:
>   o Fix 2.4 EFI RTC oops
>
> <marcelo.tosatti:cyclades.com>:
>   o Andrea Arcangeli: malicious users of mremap() syscall can gain privileges
>
> <marcelo:logos.cnet>:
>   o Harald Welte: Fix ipchains MASQUERADE oops
>   o Change EXTRAVERSION to 2.4.24-rc1
>
> <trini:mvista.com>:
>   o /dev/rtc can leak parts of kernel memory to unprivileged users
>
> Jean Tourrilhes:
>   o IrDA kernel log buster
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [EMAIL PROTECTED]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

--
Mihai RUSU Email: [EMAIL PROTECTED]
GPG : http://dizzy.roedu.net/dizzy-gpg.txt WWW: http://dizzy.roedu.net
"Linux is obsolete" -- AST

---
Details about our mailing lists: http://www.lug.ro/
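
Review bot: the comment added ahead of the new check in the mm/mremap.c hunk (@@ -241,6 +241,13 @@) says which case stays allowed (new_len == 0 with new_addr == addr) but not why a zero-length move to a different address has to be refused, so a later reader cannot tell that this is a security check rather than an argument sanity test. Suggest stating the reason in the comment. The hunk also does not show what is returned at `out`, so it is worth confirming that this path hands an error back to the caller rather than a stale value. As a wording point, "that was working safe" would read better as "that worked safely".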
