Re: Hotfix for new mremap vulnerability
From: Marc-Christian Petersen (m.c.p_at_gmx.net)
To: firstname.lastname@example.org Date: Sat, 21 Feb 2004 04:14:54 +0100
On Thursday 19 February 2004 17:32, Pavel harry_x Palát wrote:
> Here (http://wizard.ath.cx/fixmremap2.tar.gz) is small hotfix for newly
> discovered mremap() vulnerability. It
> doesn't directly change do_mremap() code, it just overwrites syscall
> handler with LKM. In my opinion it is enough to fix just mremap() syscall
> because at least on x86 there are no other functions which would use
> do_mremap directly. But this may not be true on others platforms (for
> example ia64)...
> The package contains the hotfix and a small proof of concept program which
> can be used to see if kernel is vulnerable.
> Use at your own risk.
- call the POC exploit on a vulnerable system
- echo "1000000" > /proc/sys/vm/max_map_count
- call the POC exploit again
- see the difference
Well, at least it prevents the POC exploit, maybe there's more though.
Kudos to the PaX team :)
-- ciao, Marc