Full Disclosure mailing list archives

Re: Re: Second critical mremap() bug found in all Linux kernels


From: "i.t Consulting" <fulldis () it97 dyndns org>
Date: Thu, 19 Feb 2004 10:24:07 +0100

On Wednesday 18 February 2004 17:01, Gregory A. Gilliss wrote:
> There's a hole. Here's how you test/exploit the hole. The script k1dd13z
> have it now. Fix it quick. Don't wait! Full disclosure. Not necessarily

$ uname -a
Linux 2.4.22-gss #1 Sun Nov 30 09:08:04 CET 2003 i686 AMD Athlon(tm) XP 2000+ 
AuthenticAMD GNU/Linux

$ gcc -W -Wall mremap_poc_2.c && ./a.out
mmap: Cannot allocate memory
created ~65536 VMAs
now mremapping 0x3FFFC000 at 0x3FFF9000
kernel may not be vulnerable

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

