Executive Summary
Summary | |
---|---|
Title | New Linux 2.4.18 packages fix several local root exploits (hppa) |
Informations | |||
---|---|---|---|
Name | DSA-475 | First vendor Publication | 2004-04-05 |
Vendor | Debian | Last vendor Modification | 2004-04-05 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the PA-RISC kernel 2.4.18 for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update: CAN-2003-0961: An integer overflow in brk() system call (do_brk() function) for Linux allows a local attacker to gain root privileges. Fixed upstream in Linux 2.4.23. CAN-2003-0985: Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug. Fixed upstream in Linux 2.4.24. CAN-2004-0077: Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3. Please note that the source package has to include a lot of updates in order to compile the package, which wasn't possible with the old source package. For the stable distribution (woody) these problems have been fixed in version 62.1 of kernel-image-2.4.18-hppa. For the unstable distribution (sid) these problems have been fixed in version 2.4.25-1 of kernel-image-2.4.25-hppa. We recommend that you upgrade your Linux kernel packages immediately. |
Original Source
Url : http://www.debian.org/security/2004/dsa-475 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10189 | |||
Oval ID: | oval:org.mitre.oval:def:10189 | ||
Title: | The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077. | ||
Description: | The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0985 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11137 | |||
Oval ID: | oval:org.mitre.oval:def:11137 | ||
Title: | The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. | ||
Description: | The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0077 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:825 | |||
Oval ID: | oval:org.mitre.oval:def:825 | ||
Title: | Red Hat Enterprise 3 Linux Kernel do_mremap Privilege Escalation Vulnerability | ||
Description: | The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0077 | Version: | 2 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | mremap |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:837 | |||
Oval ID: | oval:org.mitre.oval:def:837 | ||
Title: | Red Hat Linux Kernel do_mremap Privilege Escalation Vulnerability | ||
Description: | The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0077 | Version: | 2 |
Platform(s): | Red Hat Linux 9 | Product(s): | mremap |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:860 | |||
Oval ID: | oval:org.mitre.oval:def:860 | ||
Title: | Red Hat Linux Kernel do_mremap Denial of Service Vulnerability | ||
Description: | The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0985 | Version: | 2 |
Platform(s): | Red Hat Linux 9 | Product(s): | Linux kernel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:867 | |||
Oval ID: | oval:org.mitre.oval:def:867 | ||
Title: | Red Hat Enterprise 3 Linux Kernel do_mremap Denial of Service Vulnerability | ||
Description: | The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0985 | Version: | 2 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | Linux kernel |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200403-02 (Kernel) File : nvt/glsa_200403_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200312-02 (Kernel) File : nvt/glsa_200312_02.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 442-1 (kernel-patch-2.4.17-s390, kernel-image-2.... File : nvt/deb_442_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 514-1 (kernel-source-2.2.20, kernel-image-2.2-sp... File : nvt/deb_514_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 475-1 (kernel-image-2.4.17-hppa) File : nvt/deb_475_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 470-1 (kernel-image-2.4.17-hppa) File : nvt/deb_470_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 466-1 (kernel-source-2.2.10, kernel-image-2.2.10... File : nvt/deb_466_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 456-1 (kernel) File : nvt/deb_456_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 454-1 (kernel-source-2.2.22, kernel-image-2.2.22... File : nvt/deb_454_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 453-1 (kernel) File : nvt/deb_453_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 450-1 (kernel-source-2.4.19, kernel-patch-2.4.19... File : nvt/deb_450_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 444-1 (kernel-image-2.4.17-ia64) File : nvt/deb_444_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1067-1 (kernel 2.4.16) File : nvt/deb_1067_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 441-1 (kernel-patch-2.4.17-mips) File : nvt/deb_441_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 440-1 (kernel-source-2.4.17, kernel-patch-2.4.17... File : nvt/deb_440_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 439-1 (kernel) File : nvt/deb_439_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 438-1 (kernel) File : nvt/deb_438_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 433-1 (kernel-patch-2.4.17-mips) File : nvt/deb_433_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 427-1 (kernel-patch-2.4.17-mips) File : nvt/deb_427_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 423-1 (kernel-image-2.4.17-ia64) File : nvt/deb_423_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 417-2 (kernel-image-2.4.18-1-alpha) File : nvt/deb_417_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 417-1 (kernel-patch-2.4.18-powerpc, kernel-image... File : nvt/deb_417_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 413-1 (kernel-source-2.4.18, kernel-image-2.4.18... File : nvt/deb_413_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 403-1 (kernel-image-2.4.18-1-alpha, kernel-image... File : nvt/deb_403_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1082-1 (kernel-2.4.17) File : nvt/deb_1082_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-... File : nvt/deb_1070_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2003-336-01 Kernel security update File : nvt/esoft_slk_ssa_2003_336_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-006-01 Kernel security update File : nvt/esoft_slk_ssa_2004_006_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-049-01 Kernel security update File : nvt/esoft_slk_ssa_2004_049_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
3986 | Linux Kernel mremap() Missing Return Value Checking
Privilege Escalation The Linux kernel contains a flaw that may allow a malicious user to gain access to unauthorized privileges due to improper checks on return values performed in the do_mremap function for the mremap system call. This flaw may lead to a loss of Confidentiality, Integrity and Availability. |
3315 | Linux Kernel do_mremap() Privilege Escalation A local overflow exists in the Linux kernel. The do_mremap() function fails to perform bounds checking resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of confidentiality, integrity, and/or availability. |
2887 | Linux Kernel do_brk local Overflow A flaw exists in the Linux kernel which allows a local user to map kernel memory segments into an unprivileged process. Specifically, the do_brk function does not verify that the allocated memory range does not exceed the TASK_SIZE constant. The do_brk function is called by the ELF executable loader and the mmap system call, however only the mmap method is exploitable. Once kernel memory access has been obtained, a number of tricks can be used to gain superuser privileges. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-006-01.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-008-01.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-049-01.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2003-336-01.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-454.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-514.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-475.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-470.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-466.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-456.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-453.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-450.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-444.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-442.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-440.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-439.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-438.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-433.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-427.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-423.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-417.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-413.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-403.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-441.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200403-02.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-110.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-001.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-015.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_005.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2003_049.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-079.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2003-046.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-389.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-416.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-419.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-066.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-069.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:33:12 |
|