New mremap bug
devine at iie.cnam.fr
Wed Feb 18 10:34:20 PST 2004
Billy O'Connor <billyoc at gnuyork.org> wrote:
> > For those of you who'd want to test for this vulnerability,
> > I've written some simple exploit code:
> > http://linuxfromscratch.org/~devine/mremap_poc_2.c
> With MREMAP_MAYMOVE | MREMAP_FIXED, I segfaulted, with MREMAP_MAYMOVE
> alone, it ran.
Have a look at the kernel messages with dmesg, if you see stuff like:
    kernel BUG at mmap.c:1194!
    invalid operand: 0000
    EIP: 0010:[<c01239b5>] Not tainted
Then your kernel is almost certainly vulnerable. There's no root exploit
available yet though ;-)
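
The dmesg check described above, as an added example that is not part of the original post: a shell function that scans kernel log text for the `kernel BUG at mmap.c` signature and reports the source line and EIP of each hit for triage. The function name, output format and sample log are constructed for illustration, and it matches any line number in mmap.c as an assumption, since the number varies with the kernel source version.

```shell
#!/bin/sh
# Added example: find the "kernel BUG at mmap.c:<n>!" signature in kernel log text.
# find_mmap_bug (hypothetical name) reads log text on stdin and prints per hit:
#   file=<src> line=<n> eip=<addr> tainted=<yes|no|unknown>
# Exit status: 0 if at least one hit was found, 1 otherwise.
find_mmap_bug() {
    awk '
    function emit() {
        if (src != "") {
            printf "file=%s line=%s eip=%s tainted=%s\n", src, ln, eip, taint
            hits++
        }
        src = ""
    }
    /kernel BUG at mmap\.c:[0-9]+!/ {
        emit()                                # previous record had no EIP line
        match($0, /mmap\.c:[0-9]+/)           # isolate "mmap.c:1194"
        split(substr($0, RSTART, RLENGTH), parts, ":")
        src = parts[1]; ln = parts[2]; eip = "unknown"; taint = "unknown"
        next
    }
    src != "" && /EIP:/ {
        # EIP line looks like: EIP: 0010:[<c01239b5>] Not tainted
        if (match($0, /\[<[0-9a-fA-F]+>\]/))
            eip = substr($0, RSTART + 2, RLENGTH - 4)
        if ($0 ~ /Not tainted/) taint = "no"
        else if ($0 ~ /Tainted/) taint = "yes"
        emit()
    }
    END { emit(); exit (hits > 0 ? 0 : 1) }
    '
}

# Constructed sample: the three lines quoted in the post plus unrelated noise.
SAMPLE_LOG='eth0: link up
kernel BUG at mmap.c:1194!
invalid operand: 0000
EIP: 0010:[<c01239b5>] Not tainted
EXT3-fs: mounted filesystem'

# Stand-alone demo on the sample; on a live system use: dmesg | find_mmap_bug
printf '%s\n' "$SAMPLE_LOG" | find_mmap_bug
```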