CVE-2004-0077 – Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2004-0077

The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. La función do_remap en mremap de Linux 2.2 a 2.2.25, 2.4 a 2.4.24, y 2.6 a 2.6.2 no comprueba adecuadamente el valor devuelto por la función do_munmap cuando se excede el número máximo de descriptores VMA, lo que permite a usuarios locales ganar privilegios de root, una vulnerabilidad distinta de CAN-2004-0985. A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004 except concerning the same internal kernel function code. Versions affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2. • https://www.exploit-db.com/exploits/160 https://www.exploit-db.com/exploits/154 http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820 http://fedoranews.org/updates/FEDORA-2004-079.shtml http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015 http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt http://marc.info/?l=bugtraq&m=107711762014175&w=2 http://marc.info/?l=bugtraq&m=10771 •