Executive Summary
Summary | |
---|---|
Title | New Linux 2.4.17 packages fix local root exploit (mips+mipsel) |
Informations | |||
---|---|---|---|
Name | DSA-441 | First vendor Publication | 2004-02-18 |
Vendor | Debian | Last vendor Modification | 2004-02-18 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. For the stable distribution (woody) this problem has been fixed in version 2.4.17-0.020226.2.woody5 for mips and mipsel kernel images. Other architectures will probably mentioned in a separate advisory or are not affected (m68k). For the unstable distribution (sid) this problem will be fixed soon with the next upload of a 2.4.19 kernel image and in version 2.4.22-0.030928.3 for 2.4.22 for the mips and mipsel architectures. This problem is also fixed in the upstream version of Linux 2.4.25 and 2.6.3. We recommend that you upgrade your Linux kernel packages immediately. |
Original Source
Url : http://www.debian.org/security/2004/dsa-441 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11137 | |||
Oval ID: | oval:org.mitre.oval:def:11137 | ||
Title: | The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. | ||
Description: | The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0077 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:825 | |||
Oval ID: | oval:org.mitre.oval:def:825 | ||
Title: | Red Hat Enterprise 3 Linux Kernel do_mremap Privilege Escalation Vulnerability | ||
Description: | The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0077 | Version: | 2 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | mremap |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:837 | |||
Oval ID: | oval:org.mitre.oval:def:837 | ||
Title: | Red Hat Linux Kernel do_mremap Privilege Escalation Vulnerability | ||
Description: | The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0077 | Version: | 2 |
Platform(s): | Red Hat Linux 9 | Product(s): | mremap |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 3 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200403-02 (Kernel) File : nvt/glsa_200403_02.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 438-1 (kernel) File : nvt/deb_438_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 439-1 (kernel) File : nvt/deb_439_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 440-1 (kernel-source-2.4.17, kernel-patch-2.4.17... File : nvt/deb_440_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 441-1 (kernel-patch-2.4.17-mips) File : nvt/deb_441_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 442-1 (kernel-patch-2.4.17-s390, kernel-image-2.... File : nvt/deb_442_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 444-1 (kernel-image-2.4.17-ia64) File : nvt/deb_444_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 450-1 (kernel-source-2.4.19, kernel-patch-2.4.19... File : nvt/deb_450_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 453-1 (kernel) File : nvt/deb_453_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 454-1 (kernel-source-2.2.22, kernel-image-2.2.22... File : nvt/deb_454_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 456-1 (kernel) File : nvt/deb_456_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 466-1 (kernel-source-2.2.10, kernel-image-2.2.10... File : nvt/deb_466_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 470-1 (kernel-image-2.4.17-hppa) File : nvt/deb_470_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 475-1 (kernel-image-2.4.17-hppa) File : nvt/deb_475_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 514-1 (kernel-source-2.2.20, kernel-image-2.2-sp... File : nvt/deb_514_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-049-01 Kernel security update File : nvt/esoft_slk_ssa_2004_049_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
3986 | Linux Kernel mremap() Missing Return Value Checking
Privilege Escalation The Linux kernel contains a flaw that may allow a malicious user to gain access to unauthorized privileges due to improper checks on return values performed in the do_mremap function for the mremap system call. This flaw may lead to a loss of Confidentiality, Integrity and Availability. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-049-01.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-438.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-514.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-475.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-470.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-466.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-456.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-454.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-453.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-450.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-444.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-442.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-441.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-440.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-439.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200403-02.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-015.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_005.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-079.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-066.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-069.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:33:05 |
|