Bugtraq mailing list archives
RE: Second critical mremap() bug found in all Linux kernels
From: <tlarholm () pivx com>
Date: Wed, 18 Feb 2004 11:49:51 -0800
The mremap() fix in the diff file for the 2.4.24-ow1 kernel patch dates from January 8, 2004 ( http://www.openwall.com/linux/linux-2.4.24-ow1.tar.gz ). The exact same code fix in the 2.4.23-ow2 kernel patch dates from December 18, 2003 ( http://www.openwall.com/linux/linux-2.4.23-ow2.tar.gz ). Kudos to OpenWall Project for discovering this last year, if they had realized the implications of this bug they would probably have notified the kernel developers back then. Perhaps it would be wise for the kernel developers to look at what other potential issues OWP are proactively protecting against. Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor () pivx com Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> -----Original Message----- From: Steve Bremer [mailto:steveb () nebcoinc com] Sent: Wednesday, February 18, 2004 8:05 AM To: bugtraq () securityfocus com Subject: Re: Second critical mremap() bug found in all Linux kernels I think it's worth noting that those who have been using either the 2.4.23-ow2 or the 2.4.24-ow1 kernel patches from the Openwall Project are not vulnerable to this latest mremap() bug. Steve Bremer NEBCO, Inc. Systems & Security Administrator
Current thread:
- Second critical mremap() bug found in all Linux kernels Paul Starzetz (Feb 18)
- Re: Second critical mremap() bug found in all Linux kernels Dan Yefimov (Feb 19)
- Re: Second critical mremap() bug found in all Linux kernels Jared M Breland (Feb 19)
- Hotfix for new mremap vulnerability Pavel harry_x Palát (Feb 20)
- Re: Hotfix for new mremap vulnerability Marc-Christian Petersen (Feb 23)
- <Possible follow-ups>
- Re: Second critical mremap() bug found in all Linux kernels Steve Bremer (Feb 18)
- RE: Second critical mremap() bug found in all Linux kernels tlarholm (Feb 19)