CVE-2003-0985

Severity

72%

Complexity

39%

Confidentiality

165%

The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.

The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

Linux Kernel

First reported 21 years ago

2004-01-20 05:00:00

Last updated 6 years ago

2018-05-03 01:29:00

Affected Software

Linux Kernel 2.4.0

2.4.0

Linux Kernel 2.4.0 test1

2.4.0

Linux Kernel 2.4.0 test10

2.4.0

Linux Kernel 2.4.0 test11

2.4.0

Linux Kernel 2.4.0 test12

2.4.0

Linux Kernel 2.4.0 test2

2.4.0

Linux Kernel 2.4.0 test3

2.4.0

Linux Kernel 2.4.0 test4

2.4.0

Linux Kernel 2.4.0 test5

2.4.0

Linux Kernel 2.4.0 test6

2.4.0

Linux Kernel 2.4.0 test7

2.4.0

Linux Kernel 2.4.0 test8

2.4.0

Linux Kernel 2.4.0 test9

2.4.0

Linux Kernel 2.4.1

2.4.1

Linux Kernel 2.4.2

2.4.2

Linux Kernel 2.4.3

2.4.3

Linux Kernel 2.4.4

2.4.4

Linux Kernel 2.4.5

2.4.5

Linux Kernel 2.4.6

2.4.6

Linux Kernel 2.4.7

2.4.7

Linux Kernel 2.4.8

2.4.8

Linux Kernel 2.4.9

2.4.9

Linux Kernel 2.4.10

2.4.10

Linux Kernel 2.4.11

2.4.11

Linux Kernel 2.4.12

2.4.12

Linux Kernel 2.4.13

2.4.13

Linux Kernel 2.4.14

2.4.14

Linux Kernel 2.4.15

2.4.15

Linux Kernel 2.4.16

2.4.16

Linux Kernel 2.4.17

2.4.17

Linux Kernel 2.4.18

2.4.18

Linux Kernel 2.4.18 pre1

2.4.18

Linux Kernel 2.4.18 pre2

2.4.18

Linux Kernel 2.4.18 pre3

2.4.18

Linux Kernel 2.4.18 pre4

2.4.18

Linux Kernel 2.4.18 pre5

2.4.18

Linux Kernel 2.4.18 pre6

2.4.18

Linux Kernel 2.4.18 pre7

2.4.18

Linux Kernel 2.4.18 pre8

2.4.18

Linux Kernel 2.4.19

2.4.19

Linux Kernel 2.4.19 pre1

2.4.19

Linux Kernel 2.4.19 pre2

2.4.19

Linux Kernel 2.4.19 pre3

2.4.19

Linux Kernel 2.4.19 pre4

2.4.19

Linux Kernel 2.4.19 pre5

2.4.19

Linux Kernel 2.4.19 pre6

2.4.19

Linux Kernel 2.4.20

2.4.20

Linux Kernel 2.4.21

2.4.21

Linux Kernel 2.4.21 pre1

2.4.21

Linux Kernel 2.4.21 pre4

2.4.21

Linux Kernel 2.4.21 pre7

2.4.21

Linux Kernel 2.4.22

2.4.22

Linux Kernel 2.4.23

2.4.23

References

20040102-01-U

20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)

CLA-2004:799

IMNX-2004-73-001-01

http://isec.pl/vulnerabilities/isec-0013-mremap.txt

http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap

2004-0001

20040105 Linux kernel mremap vulnerability

20040105 Linux kernel do_mremap() proof-of-concept exploit code

20040106 Linux mremap bug correction

20040107 [slackware-security] Kernel security update (SSA:2004-006-01)

20040112 SmoothWall Project Security Advisory SWP-2004:001

10532

20163

20202

20338

http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0

O-045

DSA-413

DSA-417

DSA-423

DSA-427

DSA-439

DSA-440

DSA-442

DSA-450

DSA-470

DSA-475

DSA-1067

DSA-1069

DSA-1070

DSA-1082

VU#490620

US Government Resource

http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24

ESA-20040105-001

Patch, Vendor Advisory

MDKSA-2004:001

SuSE-SA:2004:003

3315

RHSA-2003:416

RHSA-2003:417

Patch, Vendor Advisory

RHSA-2003:418

RHSA-2003:419

9356

Exploit, Patch, Vendor Advisory

linux-domremap-gain-privileges(14135)

oval:org.mitre.oval:def:860

oval:org.mitre.oval:def:867

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.