49117 – (CVE-2004-0077) VUL-0: CVE-2004-0077: kernel: another mremap bug *sigh*

Bug 49117 (CVE-2004-0077) - VUL-0: CVE-2004-0077: kernel: another mremap bug *sigh*

Summary: VUL-0: CVE-2004-0077: kernel: another mremap bug *sigh*

Status:	RESOLVED FIXED

Alias:	CVE-2004-0077

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	All Linux

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Thomas Biege
QA Contact:	Security Team bot

URL:
Whiteboard:	CVE-2004-0077: CVSS v2 Base Score: 7....
Keywords:

Depends on:
Blocks:	47333
	Show dependency tree / graph

Clone This Bug

Reported:	2004-01-23 20:57 UTC by Thomas Biege
Modified:	2021-10-02 08:56 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
post from Paul to vendor-sec (6.51 KB, text/plain) 2004-01-23 20:58 UTC, Thomas Biege	Details
full mremap thread from vendor-sec (so far) (155.42 KB, text/plain) 2004-01-30 00:33 UTC, Olaf Kirch	Details
mremap-errorcode (9.0-i386) (851 bytes, patch) 2004-02-19 23:42 UTC, Thomas Biege	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Biege 2004-01-23 20:57:50 UTC

Hi. 
Paul Starzetz posted another bug within the mremap implementation.

Comment 1 Thomas Biege 2004-01-23 20:57:50 UTC

<!-- SBZ_reproduce  -->
-

Comment 2 Thomas Biege 2004-01-23 20:58:24 UTC

Created attachment 15737 [details]
post from Paul to vendor-sec

Comment 3 Thomas Biege 2004-01-23 21:02:58 UTC

CDR: 2004-02-09

Comment 4 Thomas Biege 2004-01-23 21:11:04 UTC

CAN-2003-0077

Comment 5 Thomas Biege 2004-01-23 22:49:52 UTC

CAN-2004-0077 (not 2003)

Comment 6 Hubert Mantel 2004-01-26 21:40:24 UTC

I already told Andrea about this problem, he will have a look at it. Assigning
bug to Andrea. Andrea, please also send me the fix via mail as soon as you have it.

Comment 7 Roman Drahtmueller 2004-01-28 22:42:15 UTC

Added Ihno. Thomas, we need to make sure that 7.2-s390 and sles7-s390x are not
forgotten. The s390 people will care for their own kernel update packages, but
they need access to the information.

R.

Comment 8 Thomas Biege 2004-01-29 00:23:04 UTC

I was not aware of this separation and will take care in future.

Comment 9 Ihno Krumreich 2004-01-30 00:26:56 UTC

Added mfrueh. He has the same problem for SLES7 for PPC.

Comment 10 Olaf Kirch 2004-01-30 00:33:25 UTC

Created attachment 15808 [details]
full mremap thread from vendor-sec (so far)

Comment 11 Thomas Biege 2004-01-31 00:36:19 UTC

It seems we have a new release date: 18.02.2004

Comment 12 Andrea Arcangeli 2004-02-11 05:14:48 UTC

I sent the fix was sent to Hubert a few days ago, so I think we can close this
bug. For 2.6 Linus is including the fix in mainline (it's already in the kernel
CVS) so we should get it by keeping sles9 in sync with mainline. Really for 2.6
we may want to fix some more bit (for correctness, not exploitable)

Comment 13 Thomas Biege 2004-02-16 18:41:55 UTC

reassigned for tracking.

Comment 14 Thomas Biege 2004-02-19 23:42:28 UTC

Created attachment 16076 [details]
mremap-errorcode (9.0-i386)

Comment 15 Thomas Biege 2004-03-24 00:56:50 UTC

packages released.

Comment 16 Thomas Biege 2009-10-13 20:02:00 UTC

CVE-2004-0077: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)