Bug 48728 (CVE-2003-0985)

Summary: VUL-0: CVE-2003-0985: kernel: mremap bug
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Biege <thomas>
Component: Incidents
Assignee: Thomas Biege <thomas>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Critical
Priority: P3 - Medium
CC: meissner, rf
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments:
  Original bug report by Paul Starzetz
  Patch by Andrea Arcangeli
  mremap-check (9.0-i386)

Description Olaf Kirch 2003-12-18 18:35:51 UTC
There is a bug in mremap pretty similar to the recent brk() bug. 
So far, the only exploit for this is denial of service (crash and reboot), 
but it is not clear yet whether there are more serious avenues of exploit. 
Details on the bug and patches will be appended to the bug. 
 
The bug was originally found and reported by Paul Starzetz. 
 
We had expected to be able to release update kernels in January, but 
there's pressure from some folks (such as Marcelo) to publish this as 
soon as possible, maybe as early as Monday 22nd. 
 
There is also some concern that this issue will leak during the holidays. 
 
Hubert is aware of the bug and has already submitted update kernels.
Comment 1 Olaf Kirch 2003-12-18 18:35:51 UTC
exploit will be attached
Comment 2 Olaf Kirch 2003-12-18 18:43:55 UTC
Created attachment 15547
Original bug report by Paul Starzetz
Comment 3 Olaf Kirch 2003-12-18 18:44:22 UTC
Created attachment 15548
Patch by Andrea Arcangeli
Comment 4 Olaf Kirch 2003-12-18 18:50:49 UTC
The CVE ID for this issue is CAN-2003-0985 
Comment 5 Olaf Kirch 2004-01-19 17:17:12 UTC
can we close this bug now? 
Comment 6 Andrea Arcangeli 2004-01-19 21:40:31 UTC
yes
Comment 7 Thomas Biege 2004-02-19 23:13:35 UTC
Reopened by thomas@suse.de at Thu Feb 19 16:13:35 2004, took initial reporter okir@suse.de to cc
Comment 8 Thomas Biege 2004-02-19 23:13:35 UTC
reopened for verification 
Comment 9 Thomas Biege 2004-02-19 23:33:50 UTC
Created attachment 16073
mremap-check (9.0-i386)
Comment 10 Thomas Biege 2004-02-20 00:33:55 UTC
didn't recognize patch
Comment 11 Marcus Meissner 2006-06-02 11:55:43 UTC
CVE-2003-0985

Debian also used:

CVE-2005-0528