Re: [Full-Disclosure] Second critical mremap() bug found in all Linux kernels
- To: security@isec.pl
- Subject: Re: [Full-Disclosure] Second critical mremap() bug found in all Linux kernels
- From: Daniel Lorch <ml-daniel@lorch.cc>
- Date: Thu, 19 Feb 2004 01:34:18 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi

I checked LKML and Marcelo seems to recommend upgrading to 2.4.25.
This is currently not an option for me, as
grsecurity-1.9.13-2.4.24.patch won't properly apply against it. A
friend (thanks, Eike Frost) then pointed me to the following URL
(bkbits repository):

http://linux.bkbits.net:8080/linux-2.4/diffs/mm/mremap.c@1.8?nav=index.html|ChangeSet@-4d|cset@1.1323

After applying this patch the PoC provided by Christophe Devine
reports "kernel may not be vulnerable". This seems to have resolved
the issue. Hope this helps others, too.

$ uname -a
Linux tsunami4 2.4.24-grsec #3 Thu Feb 19 01:00:39 CET 2004 i686 unknown
$ ./a.out
mmap: Cannot allocate memory
created ~65531 VMAs
now mremapping 0x3FFE9000 at 0x3FFE5000
kernel may not be vulnerable
daniel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFANARrS2WJ/hBy2k8RAsDgAKDsgrKBcskZP9aZjsoAj8BmwIgDYACgtBxA
xC9pqZXxm585HcC4aO0XEvw=
=wKiN
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html