CVE-2004-0077

Description

The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.

Affected products

• Linux / Linux kernel2.4.21 – 2.4.21
• Linux / Linux kernel2.6.0 – 2.6.0
• Linux / Linux kernel2.6.0 – 2.6.0
• Linux / Linux kernel2.6.0 – 2.6.0
• Linux / Linux kernel2.6.0 – 2.6.0
• Linux / Linux kernel2.6.0 – 2.6.0
• Linux / Linux kernel2.6.0 – 2.6.0
• Linux / Linux kernel2.6.0 – 2.6.0
• Linux / Linux kernel2.6.1 – 2.6.1
• Linux / Linux kernel2.6.1 – 2.6.1
• Linux / Linux kernel2.6.2 – 2.6.2
• Linux / Linux kernel2.6_test9_cvs – 2.6_test9_cvs
• Linux / Linux kernel2.2.0 – 2.2.0
• Linux / Linux kernel2.2.1 – 2.2.1
• Linux / Linux kernel2.2.2 – 2.2.2
• Linux / Linux kernel2.2.3 – 2.2.3
• Linux / Linux kernel2.2.4 – 2.2.4
• Linux / Linux kernel2.2.5 – 2.2.5
• Linux / Linux kernel2.2.6 – 2.2.6
• Linux / Linux kernel2.2.7 – 2.2.7
• Linux / Linux kernel2.2.8 – 2.2.8
• Linux / Linux kernel2.2.9 – 2.2.9
• Linux / Linux kernel2.2.10 – 2.2.10
• Linux / Linux kernel2.2.11 – 2.2.11
• Linux / Linux kernel2.2.12 – 2.2.12
• Linux / Linux kernel2.2.13 – 2.2.13
• Linux / Linux kernel2.2.14 – 2.2.14
• Linux / Linux kernel2.2.15 – 2.2.15
• Linux / Linux kernel2.2.15 – 2.2.15
• Linux / Linux kernel2.2.15_pre20 – 2.2.15_pre20
• Linux / Linux kernel2.2.16 – 2.2.16
• Linux / Linux kernel2.2.16 – 2.2.16
• Linux / Linux kernel2.2.17 – 2.2.17
• Linux / Linux kernel2.2.18 – 2.2.18
• Linux / Linux kernel2.2.19 – 2.2.19
• Linux / Linux kernel2.2.20 – 2.2.20
• Linux / Linux kernel2.2.21 – 2.2.21
• Linux / Linux kernel2.2.22 – 2.2.22
• Linux / Linux kernel2.2.23 – 2.2.23
• Linux / Linux kernel2.2.24 – 2.2.24
• Linux / Linux kernel2.4.0 – 2.4.0
• Linux / Linux kernel2.4.0 – 2.4.0
• Linux / Linux kernel2.4.0 – 2.4.0
• Linux / Linux kernel2.4.0 – 2.4.0
• Linux / Linux kernel2.4.0 – 2.4.0
• Linux / Linux kernel2.4.0 – 2.4.0
• Linux / Linux kernel2.4.0 – 2.4.0
• Linux / Linux kernel2.4.0 – 2.4.0
• Linux / Linux kernel2.4.0 – 2.4.0
• Linux / Linux kernel2.4.0 – 2.4.0
• Linux / Linux kernel2.4.0 – 2.4.0
• Linux / Linux kernel2.4.0 – 2.4.0
• Linux / Linux kernel2.4.0 – 2.4.0
• Linux / Linux kernel2.4.1 – 2.4.1
• Linux / Linux kernel2.4.2 – 2.4.2
• Linux / Linux kernel2.4.3 – 2.4.3
• Linux / Linux kernel2.4.4 – 2.4.4
• Linux / Linux kernel2.4.5 – 2.4.5
• Linux / Linux kernel2.4.6 – 2.4.6
• Linux / Linux kernel2.4.7 – 2.4.7
• Linux / Linux kernel2.4.8 – 2.4.8
• Linux / Linux kernel2.4.9 – 2.4.9
• Linux / Linux kernel2.4.10 – 2.4.10
• Linux / Linux kernel2.4.11 – 2.4.11
• Linux / Linux kernel2.4.12 – 2.4.12
• Linux / Linux kernel2.4.13 – 2.4.13
• Linux / Linux kernel2.4.14 – 2.4.14
• Linux / Linux kernel2.4.15 – 2.4.15
• Linux / Linux kernel2.4.16 – 2.4.16
• Linux / Linux kernel2.4.17 – 2.4.17
• Linux / Linux kernel2.4.18 – 2.4.18
• Linux / Linux kernel2.4.18 – 2.4.18
• Linux / Linux kernel2.4.18 – 2.4.18
• Linux / Linux kernel2.4.18 – 2.4.18
• Linux / Linux kernel2.4.18 – 2.4.18
• Linux / Linux kernel2.4.18 – 2.4.18
• Linux / Linux kernel2.4.18 – 2.4.18
• Linux / Linux kernel2.4.18 – 2.4.18
• Linux / Linux kernel2.4.18 – 2.4.18
• Linux / Linux kernel2.4.18 – 2.4.18
• Linux / Linux kernel2.4.19 – 2.4.19
• Linux / Linux kernel2.4.19 – 2.4.19
• Linux / Linux kernel2.4.19 – 2.4.19
• Linux / Linux kernel2.4.19 – 2.4.19
• Linux / Linux kernel2.4.19 – 2.4.19
• Linux / Linux kernel2.4.19 – 2.4.19
• Linux / Linux kernel2.4.19 – 2.4.19
• Linux / Linux kernel2.4.20 – 2.4.20
• Linux / Linux kernel2.4.21 – 2.4.21
• Linux / Linux kernel2.4.21 – 2.4.21
• Linux / Linux kernel2.4.21 – 2.4.21
• Linux / Linux kernel2.4.22 – 2.4.22
• Linux / Linux kernel2.4.23 – 2.4.23
• Linux / Linux kernel2.4.23 – 2.4.23
• Linux / Linux kernel2.4.24 – 2.4.24
• Linux / Linux kernel2.6.0 – 2.6.0
• Linux / Linux kernel2.6.0 – 2.6.0
• Linux / Linux kernel2.6.0 – 2.6.0
• Linux / Linux kernel2.6.0 – 2.6.0
• Linux / Linux kernel2.6.0 – 2.6.0
• netwosix / netwosix_linux1.0 – 1.0
• RedHat / bigmem_kernel2.4.20-8 – 2.4.20-8
• RedHat / kernel2.4.20-8 – 2.4.20-8
• RedHat / kernel2.4.20-8 – 2.4.20-8
• RedHat / kernel2.4.20-8 – 2.4.20-8
• RedHat / kernel2.4.20-8 – 2.4.20-8
• RedHat / kernel2.4.20-8 – 2.4.20-8
• RedHat / kernel_doc2.4.20-8 – 2.4.20-8
• RedHat / kernel_source2.4.20-8 – 2.4.20-8
• trustix / secure_linux1.5 – 1.5
• trustix / secure_linux2.0 – 2.0

References

• MISChttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-450
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-440
• MISChttp://www.redhat.com/support/errata/RHSA-2004-069.html
• MISChttp://www.ciac.org/ciac/bulletins/o-082.shtml
• MISChttp://fedoranews.org/updates/FEDORA-2004-079.shtml
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-439
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-475
• MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
• MISChttp://www.redhat.com/support/errata/RHSA-2004-106.html
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-442
• MISChttp://www.redhat.com/support/errata/RHSA-2004-065.html
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-470
• VENDOR_ADVISORYhttp://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015
• MISChttp://www.securityfocus.com/bid/9686
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-438
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-514
• MISChttp://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-456
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A837
• MISChttp://security.gentoo.org/glsa/glsa-200403-02.xml
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-441
• MISChttp://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-454
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/15244
• MAILING_LISThttp://marc.info/?l=bugtraq&m=107711762014175&w=2
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-444
• MISChttp://www.redhat.com/support/errata/RHSA-2004-066.html
• MAILING_LISThttp://marc.info/?l=bugtraq&m=107755871932680&w=2
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A825
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-453
• MISChttp://www.osvdb.org/3986
• MISChttp://www.kb.cert.org/vuls/id/981222
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-466
• MAILING_LISThttp://marc.info/?l=bugtraq&m=107712137732553&w=2