CVE - CVE-2003-0985

CVE-ID
CVE-2003-0985	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:9356 URL:http://www.securityfocus.com/bid/9356 BUGTRAQ:20040105 Linux kernel do_mremap() proof-of-concept exploit code URL:http://marc.info/?l=bugtraq&m=107340358402129&w=2 BUGTRAQ:20040105 Linux kernel mremap vulnerability URL:http://marc.info/?l=bugtraq&m=107332782121916&w=2 BUGTRAQ:20040106 Linux mremap bug correction URL:http://marc.info/?l=bugtraq&m=107340814409017&w=2 BUGTRAQ:20040107 [slackware-security] Kernel security update (SSA:2004-006-01) URL:http://marc.info/?l=bugtraq&m=107350348418373&w=2 BUGTRAQ:20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01) URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0070.html BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001 URL:http://marc.info/?l=bugtraq&m=107394143105081&w=2 CERT-VN:VU#490620 URL:http://www.kb.cert.org/vuls/id/490620 CIAC:O-045 URL:http://www.ciac.org/ciac/bulletins/o-045.shtml CONECTIVA:CLA-2004:799 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799 CONFIRM:http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap CONFIRM:http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24 DEBIAN:DSA-1067 URL:http://www.debian.org/security/2006/dsa-1067 DEBIAN:DSA-1069 URL:http://www.debian.org/security/2006/dsa-1069 DEBIAN:DSA-1070 URL:http://www.debian.org/security/2006/dsa-1070 DEBIAN:DSA-1082 URL:http://www.debian.org/security/2006/dsa-1082 DEBIAN:DSA-413 URL:http://www.debian.org/security/2004/dsa-413 DEBIAN:DSA-417 URL:http://www.debian.org/security/2004/dsa-417 DEBIAN:DSA-423 URL:http://www.debian.org/security/2004/dsa-423 DEBIAN:DSA-427 URL:http://www.debian.org/security/2004/dsa-427 DEBIAN:DSA-439 URL:http://www.debian.org/security/2004/dsa-439 DEBIAN:DSA-440 URL:http://www.debian.org/security/2004/dsa-440 DEBIAN:DSA-442 URL:http://www.debian.org/security/2004/dsa-442 DEBIAN:DSA-450 URL:http://www.debian.org/security/2004/dsa-450 DEBIAN:DSA-470 URL:http://www.debian.org/security/2004/dsa-470 DEBIAN:DSA-475 URL:http://www.debian.org/security/2004/dsa-475 ENGARDE:ESA-20040105-001 URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html IMMUNIX:IMNX-2004-73-001-01 URL:http://download.immunix.org/ImmunixOS/7.3/updates/IMNX-2004-73-001-01 MANDRAKE:MDKSA-2004:001 URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001 MISC:http://isec.pl/vulnerabilities/isec-0013-mremap.txt MLIST:[linux-kernel] 20040105 linux-2.4.24 released OSVDB:3315 URL:http://www.osvdb.org/3315 OVAL:oval:org.mitre.oval:def:860 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A860 OVAL:oval:org.mitre.oval:def:867 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A867 REDHAT:RHSA-2003:416 URL:http://www.redhat.com/support/errata/RHSA-2003-416.html REDHAT:RHSA-2003:417 URL:http://www.redhat.com/support/errata/RHSA-2003-417.html REDHAT:RHSA-2003:418 URL:http://www.redhat.com/support/errata/RHSA-2003-418.html REDHAT:RHSA-2003:419 URL:http://www.redhat.com/support/errata/RHSA-2003-419.html SECUNIA:10532 URL:http://secunia.com/advisories/10532 SECUNIA:20163 URL:http://secunia.com/advisories/20163 SECUNIA:20202 URL:http://secunia.com/advisories/20202 SECUNIA:20338 URL:http://secunia.com/advisories/20338 SGI:20040102-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U SUSE:SuSE-SA:2004:001 SUSE:SuSE-SA:2004:003 URL:http://www.novell.com/linux/security/advisories/2004_03_linux_kernel.html TRUSTIX:2004-0001 URL:http://marc.info/?l=bugtraq&m=107332754521495&w=2 XF:linux-domremap-gain-privileges(14135) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14135
Date Record Created
20040901	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)