Local root vulnerability in kernel <= 2.4.24 and <= 2.6.2

Jem Berkes

Feb 22, 2004, 4:41:18 PM
This seems important, but haven't heard much about it recently:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077

"The do_mremap function for the mremap in Linux 2.2 to 2.2.25, 2.4 to
2.4.24, and 2.6 to 2.6.2, does not properly check the return value
from the do_munmap function when the maximum number of VMA
descriptors is exceeded, which allows local users to gain root
privileges, a different vulnerability than CAN-2003-0985."

Note, this is different from the earlier mremap() vulnerability. To protect
your system from this latest privilege escalation flaw you should upgrade
to Linux 2.6.3 or 2.4.25 -- grab it at http://www.kernel.org/

My own kernel build & install guide:
http://www.pc9.org/guides/linux_kernel.html

--
Jem Berkes
http://www.sysdesign.ca/

Jem Berkes

Feb 22, 2004, 4:51:28 PM
> This seems important, but haven't heard much about it recently:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077

Following up, here's the original advisory from the researchers:
http://www.isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt

They claim:
"We were able to create a robust proof-of-concept exploit
code giving full super-user privileges on all vulnerable
kernel versions. The exploit code will be released next week."

Upgrading or patching your kernel is thus highly recommended ;)
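
A version check for the upgrade advice in this thread, as an added example that is not part of the original posts: it classifies a kernel release string against the ranges in the quoted CAN-2004-0077 text. The function name `mremap_status` and the sample strings are made up for illustration, and it assumes mainline version numbering; a distribution kernel may carry a backported fix under an older number.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the affected ranges
# quoted from CAN-2004-0077 (2.2 to 2.2.25, 2.4 to 2.4.24, 2.6 to 2.6.2).
# Assumption: the string follows mainline numbering; vendor kernels may
# include a backported fix without changing the base version.

# mremap_status RELEASE -> prints vulnerable | not-in-range | unknown
mremap_status() {
    rel=$1
    # Leading numeric part only: "2.4.22-1-686" -> "2.4.22"
    ver=$(printf '%s\n' "$rel" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    suffix=${rel#"$ver"}          # e.g. "-rc1", "-1-686" or empty

    oldifs=$IFS; IFS=.
    set -- $ver                   # split into major, minor, patch
    IFS=$oldifs
    major=$1; minor=$2; patch=$3

    # Last affected patch level per series, taken from the CVE text.
    case "$major.$minor" in
        2.2) last=25 ;;
        2.4) last=24 ;;
        2.6) last=2 ;;
        *)   echo not-in-range; return 0 ;;
    esac

    if [ "$patch" -le "$last" ]; then
        echo vulnerable
    elif [ "$patch" -eq $((last + 1)) ]; then
        # A pre-release of the first version past the range cannot be
        # judged from the number alone, so report it as unknown.
        case "$suffix" in
            -rc*|-pre*) echo unknown ;;
            *)          echo not-in-range ;;
        esac
    else
        echo not-in-range
    fi
}

# Check the given release string, or the running kernel if none is given.
mremap_status "${1:-$(uname -r)}"
```

A result of `vulnerable` on a vendor kernel should be confirmed against the vendor's changelog for CAN-2004-0077 before concluding that the fix is missing.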
