New mremap bug

Billy O'Connor billyoc at gnuyork.org
Wed Feb 18 10:08:16 PST 2004


Christophe Devine <devine at iie.cnam.fr> writes:

> Billy O'Connor <billyoc at gnuyork.org> wrote:
>
>> http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
>
> For those of you who'd want to test for this vulnerability,
> I've written some simple exploit code:
>
> http://linuxfromscratch.org/~devine/mremap_poc_2.c
>
> Christophe.

With MREMAP_MAYMOVE | MREMAP_FIXED, I segfaulted; with MREMAP_MAYMOVE
alone, it ran.

[billyoc]# uname -a
Linux dps11.gnuyork.org 2.4.23-xfs #1 SMP Mi Dez 10 22:25:03 CET 2003 i686 GNU/Linux



