7.2

CVE-2004-0077

Exploit
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatBigmem Kernel Version2.4.20-8 Editioni686
RedhatKernel Version2.4.20-8 Editionathlon_smp
RedhatKernel Version2.4.20-8 Editioni386
RedhatKernel Version2.4.20-8 Editioni686_smp
RedhatKernel Doc Version2.4.20-8 Editioni386
RedhatKernel Source Version2.4.20-8 Editioni386_src
LinuxLinux Kernel Version2.2.0
LinuxLinux Kernel Version2.2.1
LinuxLinux Kernel Version2.2.2
LinuxLinux Kernel Version2.2.3
LinuxLinux Kernel Version2.2.4
LinuxLinux Kernel Version2.2.5
LinuxLinux Kernel Version2.2.6
LinuxLinux Kernel Version2.2.7
LinuxLinux Kernel Version2.2.8
LinuxLinux Kernel Version2.2.9
LinuxLinux Kernel Version2.2.10
LinuxLinux Kernel Version2.2.11
LinuxLinux Kernel Version2.2.12
LinuxLinux Kernel Version2.2.13
LinuxLinux Kernel Version2.2.14
LinuxLinux Kernel Version2.2.15
LinuxLinux Kernel Version2.2.15 Updatepre16
LinuxLinux Kernel Version2.2.15_pre20
LinuxLinux Kernel Version2.2.16
LinuxLinux Kernel Version2.2.16 Updatepre6
LinuxLinux Kernel Version2.2.17
LinuxLinux Kernel Version2.2.18
LinuxLinux Kernel Version2.2.19
LinuxLinux Kernel Version2.2.20
LinuxLinux Kernel Version2.2.21
LinuxLinux Kernel Version2.2.22
LinuxLinux Kernel Version2.2.23
LinuxLinux Kernel Version2.2.24
LinuxLinux Kernel Version2.4.0
LinuxLinux Kernel Version2.4.0 Updatetest1
LinuxLinux Kernel Version2.4.0 Updatetest10
LinuxLinux Kernel Version2.4.0 Updatetest11
LinuxLinux Kernel Version2.4.0 Updatetest12
LinuxLinux Kernel Version2.4.0 Updatetest2
LinuxLinux Kernel Version2.4.0 Updatetest3
LinuxLinux Kernel Version2.4.0 Updatetest4
LinuxLinux Kernel Version2.4.0 Updatetest5
LinuxLinux Kernel Version2.4.0 Updatetest6
LinuxLinux Kernel Version2.4.0 Updatetest7
LinuxLinux Kernel Version2.4.0 Updatetest8
LinuxLinux Kernel Version2.4.0 Updatetest9
LinuxLinux Kernel Version2.4.1
LinuxLinux Kernel Version2.4.2
LinuxLinux Kernel Version2.4.3
LinuxLinux Kernel Version2.4.4
LinuxLinux Kernel Version2.4.5
LinuxLinux Kernel Version2.4.6
LinuxLinux Kernel Version2.4.7
LinuxLinux Kernel Version2.4.8
LinuxLinux Kernel Version2.4.9
LinuxLinux Kernel Version2.4.10
LinuxLinux Kernel Version2.4.11
LinuxLinux Kernel Version2.4.12
LinuxLinux Kernel Version2.4.13
LinuxLinux Kernel Version2.4.14
LinuxLinux Kernel Version2.4.15
LinuxLinux Kernel Version2.4.16
LinuxLinux Kernel Version2.4.17
LinuxLinux Kernel Version2.4.18
LinuxLinux Kernel Version2.4.18 Editionx86
LinuxLinux Kernel Version2.4.18 Updatepre1
LinuxLinux Kernel Version2.4.18 Updatepre2
LinuxLinux Kernel Version2.4.18 Updatepre3
LinuxLinux Kernel Version2.4.18 Updatepre4
LinuxLinux Kernel Version2.4.18 Updatepre5
LinuxLinux Kernel Version2.4.18 Updatepre6
LinuxLinux Kernel Version2.4.18 Updatepre7
LinuxLinux Kernel Version2.4.18 Updatepre8
LinuxLinux Kernel Version2.4.19
LinuxLinux Kernel Version2.4.19 Updatepre1
LinuxLinux Kernel Version2.4.19 Updatepre2
LinuxLinux Kernel Version2.4.19 Updatepre3
LinuxLinux Kernel Version2.4.19 Updatepre4
LinuxLinux Kernel Version2.4.19 Updatepre5
LinuxLinux Kernel Version2.4.19 Updatepre6
LinuxLinux Kernel Version2.4.20
LinuxLinux Kernel Version2.4.21
LinuxLinux Kernel Version2.4.21 Updatepre1
LinuxLinux Kernel Version2.4.21 Updatepre4
LinuxLinux Kernel Version2.4.21 Updatepre7
LinuxLinux Kernel Version2.4.22
LinuxLinux Kernel Version2.4.23
LinuxLinux Kernel Version2.4.23 Updatepre9
LinuxLinux Kernel Version2.4.24
LinuxLinux Kernel Version2.6.0
LinuxLinux Kernel Version2.6.0 Updatetest1
LinuxLinux Kernel Version2.6.0 Updatetest10
LinuxLinux Kernel Version2.6.0 Updatetest11
LinuxLinux Kernel Version2.6.0 Updatetest2
LinuxLinux Kernel Version2.6.0 Updatetest3
LinuxLinux Kernel Version2.6.0 Updatetest4
LinuxLinux Kernel Version2.6.0 Updatetest5
LinuxLinux Kernel Version2.6.0 Updatetest6
LinuxLinux Kernel Version2.6.0 Updatetest7
LinuxLinux Kernel Version2.6.0 Updatetest8
LinuxLinux Kernel Version2.6.0 Updatetest9
LinuxLinux Kernel Version2.6.1 Updaterc1
LinuxLinux Kernel Version2.6.1 Updaterc2
LinuxLinux Kernel Version2.6.2
LinuxLinux Kernel Version2.6_test9_cvs
NetwosixNetwosix Linux Version1.0
TrustixSecure Linux Version1.5
TrustixSecure Linux Version2.0
RedhatKernel Version2.4.20-8 Editionathlon
RedhatKernel Version2.4.20-8 Editioni386
RedhatKernel Version2.4.20-8 Editioni686
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.43% 0.821
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.debian.org/security/2004/dsa-442
http://www.debian.org/security/2004/dsa-439
Patch
Vendor Advisory
http://www.debian.org/security/2004/dsa-440
http://www.debian.org/security/2004/dsa-450
http://www.debian.org/security/2004/dsa-470
http://www.debian.org/security/2004/dsa-475
http://www.redhat.com/support/errata/RHSA-2004-106.html
http://www.ciac.org/ciac/bulletins/o-082.shtml
http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
http://www.redhat.com/support/errata/RHSA-2004-065.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
http://fedoranews.org/updates/FEDORA-2004-079.shtml
http://www.redhat.com/support/errata/RHSA-2004-069.html
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015
http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
http://marc.info/?l=bugtraq&m=107711762014175&w=2
http://marc.info/?l=bugtraq&m=107712137732553&w=2
http://marc.info/?l=bugtraq&m=107755871932680&w=2
http://security.gentoo.org/glsa/glsa-200403-02.xml
Patch
Vendor Advisory
http://www.debian.org/security/2004/dsa-438
http://www.debian.org/security/2004/dsa-441
http://www.debian.org/security/2004/dsa-444
http://www.debian.org/security/2004/dsa-453
http://www.debian.org/security/2004/dsa-454
http://www.debian.org/security/2004/dsa-456
http://www.debian.org/security/2004/dsa-466
http://www.debian.org/security/2004/dsa-514
http://www.kb.cert.org/vuls/id/981222
US Government Resource
http://www.osvdb.org/3986
http://www.redhat.com/support/errata/RHSA-2004-066.html
http://www.securityfocus.com/bid/9686
Patch
Vendor Advisory
Exploit
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
https://exchange.xforce.ibmcloud.com/vulnerabilities/15244
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A825
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A837