[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: Re: Second critical mremap() bug found in all Linux kernels

To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Re: Re: Second critical mremap() bug found in all Linux kernels
From: "i.t Consulting" <fulldis@it97.dyndns.org>
Date: Thu, 19 Feb 2004 10:24:07 +0100

Am Wednesday 18 February 2004 17:01 schrieb Gregory A. Gilliss:
> There's a hole. Here's how you test/exploit the hole. The script k1dd13z
> have it now. Fix it quick. Don't wait! Full disclosure. Not necessarily
$ uname -a
Linux 2.4.22-gss #1 Sun Nov 30 09:08:04 CET 2003 i686 AMD Athlon(tm) XP 2000+ 
AuthenticAMD GNU/Linux

$ gcc -W -Wall mremap_poc_2.c && ./a.out
mmap: Cannot allocate memory
created ~65536 VMAs
now mremapping 0x3FFFC000 at 0x3FFF9000
kernel may not be vulnerable
-- 
 . ___
 |  | 
 |  | 
       

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Re: Second critical mremap() bug found in all Linux kernels
  - From: Paul Starzetz <ihaquer@isec.pl>
- Re: [Full-Disclosure] Re: Second critical mremap() bug found in all Linux kernels
  - From: "Gregory A. Gilliss" <ggilliss@netpublishing.com>

Prev by Date: RE: [Full-Disclosure] InfoSec sleuths beware ...
Next by Date: [Full-Disclosure] [SECURITY] [DSA 442-1] New Linux 2.4.17 packages fix local root exploits and more (s390)
Previous by thread: Re: [Full-Disclosure] Re: Second critical mremap() bug found in all Linux kernels
Next by thread: RE: [Full-Disclosure] Re: Second critical mremap() bug found in all Linux kernels
Index(es):
- Date
- Thread