Bug 49117 (CVE-2004-0077)

Summary: VUL-0: CVE-2004-0077: kernel: another mremap bug *sigh*
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Biege <thomas>
Component: IncidentsAssignee: Thomas Biege <thomas>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: ihno, mfrueh, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2004-0077: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 47333    
Attachments: post from Paul to vendor-sec
full mremap thread from vendor-sec (so far)
mremap-errorcode (9.0-i386)

Description Thomas Biege 2004-01-23 20:57:50 UTC 
Hi. 
Paul Starzetz posted another bug within the mremap implementation.
Comment 1 Thomas Biege 2004-01-23 20:57:50 UTC 
<!-- SBZ_reproduce  -->
-
Comment 2 Thomas Biege 2004-01-23 20:58:24 UTC 
Created attachment 15737 [details]
post from Paul to vendor-sec
Comment 3 Thomas Biege 2004-01-23 21:02:58 UTC 
CDR: 2004-02-09
Comment 4 Thomas Biege 2004-01-23 21:11:04 UTC 
CAN-2003-0077
Comment 5 Thomas Biege 2004-01-23 22:49:52 UTC 
CAN-2004-0077 (not 2003)
Comment 6 Hubert Mantel 2004-01-26 21:40:24 UTC 
I already told Andrea about this problem, he will have a look at it. Assigning
bug to Andrea. Andrea, please also send me the fix via mail as soon as you have it.
Comment 7 Roman Drahtmueller 2004-01-28 22:42:15 UTC 
Added Ihno. Thomas, we need to make sure that 7.2-s390 and sles7-s390x are not
forgotten. The s390 people will care for their own kernel update packages, but
they need access to the information.

R.
Comment 8 Thomas Biege 2004-01-29 00:23:04 UTC 
I was not aware of this separation and will take care in future.
Comment 9 Ihno Krumreich 2004-01-30 00:26:56 UTC 
Added mfrueh. He has the same problem for SLES7 for PPC.
Comment 10 Olaf Kirch 2004-01-30 00:33:25 UTC 
Created attachment 15808 [details]
full mremap thread from vendor-sec (so far)
Comment 11 Thomas Biege 2004-01-31 00:36:19 UTC 
It seems we have a new release date: 18.02.2004
Comment 12 Andrea Arcangeli 2004-02-11 05:14:48 UTC 
I sent the fix was sent to Hubert a few days ago, so I think we can close this
bug. For 2.6 Linus is including the fix in mainline (it's already in the kernel
CVS) so we should get it by keeping sles9 in sync with mainline. Really for 2.6
we may want to fix some more bit (for correctness, not exploitable)
Comment 13 Thomas Biege 2004-02-16 18:41:55 UTC 
reassigned for tracking.
Comment 14 Thomas Biege 2004-02-19 23:42:28 UTC 
Created attachment 16076 [details]
mremap-errorcode (9.0-i386)
Comment 15 Thomas Biege 2004-03-24 00:56:50 UTC 
packages released.
Comment 16 Thomas Biege 2009-10-13 20:02:00 UTC 
CVE-2004-0077: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)