New mremap bug

Christophe Devine devine at iie.cnam.fr
Wed Feb 18 10:34:20 PST 2004


Billy O'Connor <billyoc at gnuyork.org> wrote:

> > For those of you who'd want to test for this vulnerability,
> > I've written some simple exploit code:
> > http://linuxfromscratch.org/~devine/mremap_poc_2.c

> With MREMAP_MAYMOVE | MREMAP_FIXED, I segfaulted, with MREMAP_MAYMOVE
> alone, it ran.

Have a look at the kernel messages with dmesg. If you see stuff like:

kernel BUG at mmap.c:1194!
invalid operand: 0000
CPU:    0
EIP:    0010:[<c01239b5>]    Not tainted

Then your kernel is almost certainly vulnerable. There's no root exploit
available yet though ;-)
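The check described in the reply above (look through dmesg for the mmap.c BUG oops) can be scripted so it can be run on a batch of hosts or on saved kernel logs. The script below is an added example written for this archive page, not code from the original thread or from the linked PoC; the function names, the verdict strings and the sample log text are all constructed here, and the sample "vulnerable" log simply reuses the four lines quoted in the message.

```shell
#!/bin/sh
# Added example (not from the original message): detect the "kernel BUG at
# mmap.c" oops that the reply above names as the sign of a vulnerable kernel.
# Feed it the text of `dmesg` (or a saved copy of /var/log/kern.log).

# Print every line carrying the mmap.c BUG signature; exit 0 if any matched,
# 1 if none did (grep's own exit status is passed through).
has_mmap_bug_oops() {
    printf '%s\n' "$1" | grep -E 'kernel BUG at mmap\.c:[0-9]+!'
}

# Turn the match into a one-word verdict. "SUSPECT" mirrors the message's
# wording ("almost certainly vulnerable"); "NO-SIGNATURE" only means the oops
# was not logged, not that the kernel is patched (see note below).
assess_kernel_log() {
    if has_mmap_bug_oops "$1" >/dev/null; then
        echo "SUSPECT"
    else
        echo "NO-SIGNATURE"
    fi
}

# Constructed sample of a kernel log from a host where the PoC segfaulted.
# The BUG/EIP lines are the ones quoted in the message; the rest is filler.
SAMPLE_VULNERABLE='eth0: link is up
kernel BUG at mmap.c:1194!
invalid operand: 0000
CPU:    0
EIP:    0010:[<c01239b5>]    Not tainted
Process mremap_poc_2 (pid: 1234, stackpage=c1234000)'

# Constructed sample of an unremarkable kernel log (no oops at all).
SAMPLE_CLEAN='eth0: link is up
hda: DMA enabled
VFS: Mounted root (ext3 filesystem) readonly.'

# Stand-alone demo on the constructed samples. On a live 2.4 box you would
# call:  assess_kernel_log "$(dmesg)"
echo "constructed vulnerable log -> $(assess_kernel_log "$SAMPLE_VULNERABLE")"
echo "constructed clean log      -> $(assess_kernel_log "$SAMPLE_CLEAN")"
```

Two caveats when using this for real. The oops only appears after something (such as the PoC mentioned earlier in the thread) has actually hit the bug, so a clean dmesg says nothing about whether the kernel is patched; it just means nothing has tripped the BUG() yet. And the dmesg ring buffer is small and wraps, so on a busy machine the lines can scroll out before you look; the persistent kernel log file is the more reliable input.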




More information about the lfs-security mailing list