7.2

CVE-2003-0985

Exploit
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version2.4.0
LinuxLinux Kernel Version2.4.0 Updatetest1
LinuxLinux Kernel Version2.4.0 Updatetest10
LinuxLinux Kernel Version2.4.0 Updatetest11
LinuxLinux Kernel Version2.4.0 Updatetest12
LinuxLinux Kernel Version2.4.0 Updatetest2
LinuxLinux Kernel Version2.4.0 Updatetest3
LinuxLinux Kernel Version2.4.0 Updatetest4
LinuxLinux Kernel Version2.4.0 Updatetest5
LinuxLinux Kernel Version2.4.0 Updatetest6
LinuxLinux Kernel Version2.4.0 Updatetest7
LinuxLinux Kernel Version2.4.0 Updatetest8
LinuxLinux Kernel Version2.4.0 Updatetest9
LinuxLinux Kernel Version2.4.1
LinuxLinux Kernel Version2.4.2
LinuxLinux Kernel Version2.4.3
LinuxLinux Kernel Version2.4.4
LinuxLinux Kernel Version2.4.5
LinuxLinux Kernel Version2.4.6
LinuxLinux Kernel Version2.4.7
LinuxLinux Kernel Version2.4.8
LinuxLinux Kernel Version2.4.9
LinuxLinux Kernel Version2.4.10
LinuxLinux Kernel Version2.4.11
LinuxLinux Kernel Version2.4.12
LinuxLinux Kernel Version2.4.13
LinuxLinux Kernel Version2.4.14
LinuxLinux Kernel Version2.4.15
LinuxLinux Kernel Version2.4.16
LinuxLinux Kernel Version2.4.17
LinuxLinux Kernel Version2.4.18
LinuxLinux Kernel Version2.4.18 Editionx86
LinuxLinux Kernel Version2.4.18 Updatepre1
LinuxLinux Kernel Version2.4.18 Updatepre2
LinuxLinux Kernel Version2.4.18 Updatepre3
LinuxLinux Kernel Version2.4.18 Updatepre4
LinuxLinux Kernel Version2.4.18 Updatepre5
LinuxLinux Kernel Version2.4.18 Updatepre6
LinuxLinux Kernel Version2.4.18 Updatepre7
LinuxLinux Kernel Version2.4.18 Updatepre8
LinuxLinux Kernel Version2.4.19
LinuxLinux Kernel Version2.4.19 Updatepre1
LinuxLinux Kernel Version2.4.19 Updatepre2
LinuxLinux Kernel Version2.4.19 Updatepre3
LinuxLinux Kernel Version2.4.19 Updatepre4
LinuxLinux Kernel Version2.4.19 Updatepre5
LinuxLinux Kernel Version2.4.19 Updatepre6
LinuxLinux Kernel Version2.4.20
LinuxLinux Kernel Version2.4.21
LinuxLinux Kernel Version2.4.21 Updatepre1
LinuxLinux Kernel Version2.4.21 Updatepre4
LinuxLinux Kernel Version2.4.21 Updatepre7
LinuxLinux Kernel Version2.4.22
LinuxLinux Kernel Version2.4.23
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.23% 0.651
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.debian.org/security/2004/dsa-442
http://www.debian.org/security/2004/dsa-423
http://marc.info/?l=bugtraq&m=107394143105081&w=2
http://www.debian.org/security/2004/dsa-417
http://www.debian.org/security/2004/dsa-439
http://www.debian.org/security/2004/dsa-440
http://www.debian.org/security/2004/dsa-450
http://www.debian.org/security/2004/dsa-470
http://www.debian.org/security/2004/dsa-475
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
http://www.debian.org/security/2006/dsa-1067
http://www.debian.org/security/2006/dsa-1069
http://www.debian.org/security/2006/dsa-1070
http://www.debian.org/security/2006/dsa-1082
http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-417.html
Patch
Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U
http://archives.neohapsis.com/archives/bugtraq/2004-01/0070.html
http://download.immunix.org/ImmunixOS/7.3/updates/IMNX-2004-73-001-01
http://isec.pl/vulnerabilities/isec-0013-mremap.txt
http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap
http://marc.info/?l=bugtraq&m=107332754521495&w=2
http://marc.info/?l=bugtraq&m=107332782121916&w=2
http://marc.info/?l=bugtraq&m=107340358402129&w=2
http://marc.info/?l=bugtraq&m=107340814409017&w=2
http://marc.info/?l=bugtraq&m=107350348418373&w=2
http://secunia.com/advisories/10532
http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0
http://www.ciac.org/ciac/bulletins/o-045.shtml
http://www.debian.org/security/2004/dsa-413
http://www.debian.org/security/2004/dsa-427
http://www.kb.cert.org/vuls/id/490620
US Government Resource
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001
http://www.novell.com/linux/security/advisories/2004_03_linux_kernel.html
http://www.osvdb.org/3315
http://www.redhat.com/support/errata/RHSA-2003-416.html
http://www.redhat.com/support/errata/RHSA-2003-418.html
http://www.redhat.com/support/errata/RHSA-2003-419.html
http://www.securityfocus.com/bid/9356
Patch
Vendor Advisory
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/14135
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A860
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A867