Bug 48728 - (CVE-2003-0985) VUL-0: CVE-2003-0985: kernel: mremap bug
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: All Linux
Importance: P3 - Medium : Critical
Assigned To: Thomas Biege
QA Contact: Security Team bot
Reported: 2003-12-18 18:35 UTC by Thomas Biege
Modified: 2017-04-21 09:14 UTC

Found By: Other


Attachments
Original bug report by Paul Starzetz (3.54 KB, text/plain)
2003-12-18 18:43 UTC, Olaf Kirch
Patch by Andrea Arcangeli (766 bytes, patch)
2003-12-18 18:44 UTC, Olaf Kirch
mremap-check (9.0-i386) (673 bytes, patch)
2004-02-19 23:33 UTC, Thomas Biege

Description Olaf Kirch 2003-12-18 18:35:51 UTC
There is a bug in mremap pretty similar to the recent brk() bug. 
So far, the only exploit for this is denial of service (crash and reboot), 
but it is not clear yet whether there are more serious avenues of exploit. 
Details on the bug and patches will be appended to the bug. 
 
The bug was originally found and reported by Paul Starzetz. 
 
We had expected to be able to release update kernels in January, but 
there's pressure from some folks (such as Marcelo) to publish this as 
soon as possible, maybe as early as Monday 22nd. 
 
There is also some concern that this issue will leak during the holidays. 
 
Hubert is aware of the bug and has already submitted update kernels.
Comment 1 Olaf Kirch 2003-12-18 18:35:51 UTC
exploit will be attached
Comment 2 Olaf Kirch 2003-12-18 18:43:55 UTC
Created attachment 15547
Original bug report by Paul Starzetz
Comment 3 Olaf Kirch 2003-12-18 18:44:22 UTC
Created attachment 15548
Patch by Andrea Arcangeli
Comment 4 Olaf Kirch 2003-12-18 18:50:49 UTC
The CVE ID for this issue is CAN-2003-0985 
Comment 5 Olaf Kirch 2004-01-19 17:17:12 UTC
can we close this bug now? 
Comment 6 Andrea Arcangeli 2004-01-19 21:40:31 UTC
yes
Comment 7 Thomas Biege 2004-02-19 23:13:35 UTC
Reopened by thomas@suse.de at Thu Feb 19 16:13:35 2004, took initial reporter okir@suse.de to cc
Comment 8 Thomas Biege 2004-02-19 23:13:35 UTC
reopened for verification 
Comment 9 Thomas Biege 2004-02-19 23:33:50 UTC
Created attachment 16073
mremap-check (9.0-i386)
Comment 10 Thomas Biege 2004-02-20 00:33:55 UTC
didn't recognize patch
Comment 11 Marcus Meissner 2006-06-02 11:55:43 UTC
CVE-2003-0985

Debian also used:

CVE-2005-0528