Bug 48728 - (CVE-2003-0985) VUL-0: CVE-2003-0985: kernel: mremap bug
VUL-0: CVE-2003-0985: kernel: mremap bug
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
All Linux
: P3 - Medium : Critical
: ---
Assigned To: Thomas Biege
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2003-12-18 18:35 UTC by Thomas Biege
Modified: 2017-04-21 09:14 UTC (History)
2 users (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Original bug report by Paul Starzetz (3.54 KB, text/plain)
2003-12-18 18:43 UTC, Olaf Kirch
Patch by Andrea Arcangeli (766 bytes, patch)
2003-12-18 18:44 UTC, Olaf Kirch
Details | Diff
mremap-check (9.0-i386) (673 bytes, patch)
2004-02-19 23:33 UTC, Thomas Biege
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Olaf Kirch 2003-12-18 18:35:51 UTC
There is a bug in mremap pretty similar to the recent brk() bug. 
So far, the only exploit for this is denial of service (crash and reboot), 
but it is not clear yet whether there are more serious avenues of exploit. 
Details on the bug and patches will be appended to the bug. 
The bug was originally found and reported by Paul Starzetz. 
We had expected to be able to release update kernels in January, but 
there's pressure from some folks (such as Marcelo) to publish this as 
soon as possible, maybe as early as Monday 22nd. 
There is also some concern that this issue will leak during the holidays. 
Hubert is aware of the bug and has already submitted update kernels.
Comment 1 Olaf Kirch 2003-12-18 18:35:51 UTC
<!-- SBZ_reproduce  -->
exploit will be attached
Comment 2 Olaf Kirch 2003-12-18 18:43:55 UTC
Created attachment 15547 [details]
Original bug report by Paul Starzetz
Comment 3 Olaf Kirch 2003-12-18 18:44:22 UTC
Created attachment 15548 [details]
Patch by Andrea Arcangeli
Comment 4 Olaf Kirch 2003-12-18 18:50:49 UTC
The CVE ID for this issue is CAN-2003-0985 
Comment 5 Olaf Kirch 2004-01-19 17:17:12 UTC
can we close this bug now? 
Comment 6 Andrea Arcangeli 2004-01-19 21:40:31 UTC
Comment 7 Thomas Biege 2004-02-19 23:13:35 UTC
<!-- SBZ_reopen -->Reopened by thomas@suse.de at Thu Feb 19 16:13:35 2004, took initial reporter okir@suse.de to cc
Comment 8 Thomas Biege 2004-02-19 23:13:35 UTC
reopened for verification 
Comment 9 Thomas Biege 2004-02-19 23:33:50 UTC
Created attachment 16073 [details]
mremap-check (9.0-i386)
Comment 10 Thomas Biege 2004-02-20 00:33:55 UTC
didnt recognize patch 
Comment 11 Marcus Meissner 2006-06-02 11:55:43 UTC

debian also used: