"The do_mremap function for the mremap in Linux 2.2 to 2.2.25, 2.4 to
2.4.24, and 2.6 to 2.6.2, does not properly check the return value
from the do_munmap function when the maximum number of VMA
descriptors is exceeded, which allows local users to gain root
privileges, a different vulnerability than CAN-2003-0985."
Note, this is different from the earlier mremap() vulnerability. To protect
your system from this latest privilege escalation flaw you should upgrade
to Linux 2.6.3 or 2.4.25 -- grab it at http://www.kernel.org/
My own kernel build & install guide:
http://www.pc9.org/guides/linux_kernel.html
--
Jem Berkes
http://www.sysdesign.ca/
Following up, here's the original advisory from the researchers:
http://www.isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
They claim:
"We were able to create a robust proof-of-concept exploit
code giving full super-user privileges on all vulnerable
kernel versions. The exploit code will be released next week."
Upgrading or patching your kernel is thus highly recommended ;)
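
A quick way to triage hosts against the affected ranges quoted above, as an added example that is not part of the original posts or the advisory. The function name `mremap_affected` and the sample release strings are made up for illustration; the result is based on the version number only, so a vendor kernel with a backported fix will still be reported as affected.

```shell
#!/bin/sh
# Added example: classify a kernel release string (as printed by `uname -r`)
# against the ranges quoted in the post: 2.2-2.2.25, 2.4-2.4.24, 2.6-2.6.2.
# Prints: affected | not-listed | unknown

mremap_affected() {
    rel=$1
    # Pre-release builds cannot be judged from the number alone.
    case $rel in
        *-rc*|*-pre*) echo unknown; return 0 ;;
    esac
    # Drop vendor/build suffixes such as "-8" or "-1-686".
    base=${rel%%-*}
    # Accept only dotted decimal numbers.
    case $base in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $base
    IFS=$oldifs
    major=$1; minor=$2; patch=${3:-0}
    [ -n "$minor" ] || { echo unknown; return 0; }
    if [ "$major" -ne 2 ]; then echo not-listed; return 0; fi
    # Last affected patch level for each series named in the post.
    case $minor in
        2) last=25 ;;
        4) last=24 ;;
        6) last=2 ;;
        *) echo not-listed; return 0 ;;
    esac
    if [ "$patch" -le "$last" ]; then
        echo affected
    else
        echo not-listed
    fi
}

# Constructed sample release strings, not taken from real hosts.
for r in 2.4.20-8 2.4.25 2.6.2 2.6.3 2.6.3-rc1 2.2.19; do
    printf '%-12s %s\n' "$r" "$(mremap_affected "$r")"
done
```

On a live system, run `mremap_affected "$(uname -r)"` and confirm any "affected" result against the vendor's changelog before concluding the fix is missing.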