National Vulnerability Database (NVD) National Vulnerability Database (CVE-2003-0985)

National Cyber-Alert System

Vulnerability Summary for CVE-2003-0985

Original release date:01/20/2004

Last revised:09/05/2008

Source: US-CERT/NIST

Overview

The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:7.2 (HIGH) (AV:L/AC:L/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 3.9

CVSS Version 2 Metrics:

Access Vector: Locally exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#490620

Name: VU#490620

Hyperlink:http://www.kb.cert.org/vuls/id/490620

External Source: BID

Name: 9356

Type: Advisory; Patch Information

Hyperlink:http://www.securityfocus.com/bid/9356

External Source: REDHAT

Name: RHSA-2003:417

Type: Advisory; Patch Information

Hyperlink:http://www.redhat.com/support/errata/RHSA-2003-417.html

External Source: ENGARDE

Name: ESA-20040105-001

Type: Advisory; Patch Information

Hyperlink:http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html

External Source: XF

Name: linux-domremap-gain-privileges(14135)

Type: Advisory

Hyperlink:http://xforce.iss.net/xforce/xfdb/14135

External Source: REDHAT

Name: RHSA-2003:419

Hyperlink:http://www.redhat.com/support/errata/RHSA-2003-419.html

External Source: REDHAT

Name: RHSA-2003:418

Hyperlink:http://www.redhat.com/support/errata/RHSA-2003-418.html

External Source: REDHAT

Name: RHSA-2003:416

Hyperlink:http://www.redhat.com/support/errata/RHSA-2003-416.html

External Source: OSVDB

Name: 3315

Hyperlink:http://www.osvdb.org/3315

External Source: SUSE

Name: SuSE-SA:2004:003

Hyperlink:http://www.novell.com/linux/security/advisories/2004_03_linux_kernel.html

External Source: MANDRAKE

Name: MDKSA-2004:001

Hyperlink:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001

External Source: CONFIRM

Name: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24

Hyperlink:http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24

External Source: DEBIAN

Name: DSA-1082

Hyperlink:http://www.debian.org/security/2006/dsa-1082

External Source: DEBIAN

Name: DSA-1070

Hyperlink:http://www.debian.org/security/2006/dsa-1070

External Source: DEBIAN

Name: DSA-1069

Hyperlink:http://www.debian.org/security/2006/dsa-1069

External Source: DEBIAN

Name: DSA-1067

Hyperlink:http://www.debian.org/security/2006/dsa-1067

External Source: DEBIAN

Name: DSA-475

Hyperlink:http://www.debian.org/security/2004/dsa-475

External Source: DEBIAN

Name: DSA-470

Hyperlink:http://www.debian.org/security/2004/dsa-470

External Source: DEBIAN

Name: DSA-450

Hyperlink:http://www.debian.org/security/2004/dsa-450

External Source: DEBIAN

Name: DSA-442

Hyperlink:http://www.debian.org/security/2004/dsa-442

External Source: DEBIAN

Name: DSA-440

Hyperlink:http://www.debian.org/security/2004/dsa-440

External Source: DEBIAN

Name: DSA-439

Hyperlink:http://www.debian.org/security/2004/dsa-439

External Source: DEBIAN

Name: DSA-427

Hyperlink:http://www.debian.org/security/2004/dsa-427

External Source: DEBIAN

Name: DSA-423

Hyperlink:http://www.debian.org/security/2004/dsa-423

External Source: DEBIAN

Name: DSA-417

Hyperlink:http://www.debian.org/security/2004/dsa-417

External Source: DEBIAN

Name: DSA-413

Hyperlink:http://www.debian.org/security/2004/dsa-413

External Source: CIAC

Name: O-045

Hyperlink:http://www.ciac.org/ciac/bulletins/o-045.shtml

External Source: CONFIRM

Name: http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0

Hyperlink:http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0

External Source: SECUNIA

Name: 20338

Hyperlink:http://secunia.com/advisories/20338

External Source: SECUNIA

Name: 20202

Hyperlink:http://secunia.com/advisories/20202

External Source: SECUNIA

Name: 20163

Hyperlink:http://secunia.com/advisories/20163

External Source: SECUNIA

Name: 10532

Hyperlink:http://secunia.com/advisories/10532

External Source: BUGTRAQ

Name: 20040112 SmoothWall Project Security Advisory SWP-2004:001

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2

External Source: BUGTRAQ

Name: 20040107 [slackware-security] Kernel security update (SSA:2004-006-01)

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=107350348418373&w=2

External Source: BUGTRAQ

Name: 20040106 Linux mremap bug correction

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=107340814409017&w=2

External Source: BUGTRAQ

Name: 20040105 Linux kernel do_mremap() proof-of-concept exploit code

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=107340358402129&w=2

External Source: BUGTRAQ

Name: 20040105 Linux kernel mremap vulnerability

Type: Advisory

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=107332782121916&w=2

External Source: TRUSTIX

Name: 2004-0001

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=107332754521495&w=2

External Source: CONFIRM

Name: http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap

Hyperlink:http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap

External Source: MISC

Name: http://isec.pl/vulnerabilities/isec-0013-mremap.txt

Hyperlink:http://isec.pl/vulnerabilities/isec-0013-mremap.txt

External Source: IMMUNIX

Name: IMNX-2004-73-001-01

Hyperlink:http://download.immunix.org/ImmunixOS/7.3/updates/IMNX-2004-73-001-01

External Source: CONECTIVA

Name: CLA-2004:799

Hyperlink:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799

External Source: BUGTRAQ

Name: 20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)

Hyperlink:http://archives.neohapsis.com/archives/bugtraq/2004-01/0070.html

External Source: SGI

Name: 20040102-01-U

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U

US Government Resource: oval:org.mitre.oval:def:867

Name: oval:org.mitre.oval:def:867

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:867

US Government Resource: oval:org.mitre.oval:def:860

Name: oval:org.mitre.oval:def:860

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:860

Vulnerable software and versions

Configuration 1

* cpe:/o:linux:linux_kernel:2.4.0

* cpe:/o:linux:linux_kernel:2.4.0:test1

* cpe:/o:linux:linux_kernel:2.4.0:test10

* cpe:/o:linux:linux_kernel:2.4.0:test11

* cpe:/o:linux:linux_kernel:2.4.0:test12

* cpe:/o:linux:linux_kernel:2.4.0:test2

* cpe:/o:linux:linux_kernel:2.4.0:test3

* cpe:/o:linux:linux_kernel:2.4.0:test4

* cpe:/o:linux:linux_kernel:2.4.0:test5

* cpe:/o:linux:linux_kernel:2.4.0:test6

* cpe:/o:linux:linux_kernel:2.4.0:test7

* cpe:/o:linux:linux_kernel:2.4.0:test8

* cpe:/o:linux:linux_kernel:2.4.0:test9

* cpe:/o:linux:linux_kernel:2.4.1

* cpe:/o:linux:linux_kernel:2.4.10

* cpe:/o:linux:linux_kernel:2.4.11

* cpe:/o:linux:linux_kernel:2.4.12

* cpe:/o:linux:linux_kernel:2.4.13

* cpe:/o:linux:linux_kernel:2.4.14

* cpe:/o:linux:linux_kernel:2.4.15

* cpe:/o:linux:linux_kernel:2.4.16

* cpe:/o:linux:linux_kernel:2.4.17

* cpe:/o:linux:linux_kernel:2.4.18

* cpe:/o:linux:linux_kernel:2.4.18::x86

* cpe:/o:linux:linux_kernel:2.4.18:pre1

* cpe:/o:linux:linux_kernel:2.4.18:pre2

* cpe:/o:linux:linux_kernel:2.4.18:pre3

* cpe:/o:linux:linux_kernel:2.4.18:pre4

* cpe:/o:linux:linux_kernel:2.4.18:pre5

* cpe:/o:linux:linux_kernel:2.4.18:pre6

* cpe:/o:linux:linux_kernel:2.4.18:pre7

* cpe:/o:linux:linux_kernel:2.4.18:pre8

* cpe:/o:linux:linux_kernel:2.4.19

* cpe:/o:linux:linux_kernel:2.4.19:pre1

* cpe:/o:linux:linux_kernel:2.4.19:pre2

* cpe:/o:linux:linux_kernel:2.4.19:pre3

* cpe:/o:linux:linux_kernel:2.4.19:pre4

* cpe:/o:linux:linux_kernel:2.4.19:pre5

* cpe:/o:linux:linux_kernel:2.4.19:pre6

* cpe:/o:linux:linux_kernel:2.4.2

* cpe:/o:linux:linux_kernel:2.4.20

* cpe:/o:linux:linux_kernel:2.4.21

* cpe:/o:linux:linux_kernel:2.4.21:pre1

* cpe:/o:linux:linux_kernel:2.4.21:pre4

* cpe:/o:linux:linux_kernel:2.4.21:pre7

* cpe:/o:linux:linux_kernel:2.4.22

* cpe:/o:linux:linux_kernel:2.4.23

* cpe:/o:linux:linux_kernel:2.4.3

* cpe:/o:linux:linux_kernel:2.4.4

* cpe:/o:linux:linux_kernel:2.4.5

* cpe:/o:linux:linux_kernel:2.4.6

* cpe:/o:linux:linux_kernel:2.4.7

* cpe:/o:linux:linux_kernel:2.4.8

* cpe:/o:linux:linux_kernel:2.4.9

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0985