Re: Hotfix for new mremap vulnerability
From: Marc-Christian Petersen (m.c.p_at_gmx.net)
Date: 02/21/04
- Previous message: David Wilson: "RE: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP"
- In reply to: Pavel harry_x Palát: "Hotfix for new mremap vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: bugtraq@securityfocus.com Date: Sat, 21 Feb 2004 04:14:54 +0100
On Thursday 19 February 2004 17:32, Pavel harry_x Palát wrote:
Hi Pavel,
> Greetings,
>
> Here (http://wizard.ath.cx/fixmremap2.tar.gz) is small hotfix for newly
> discovered mremap() vulnerability. It
> doesn't directly change do_mremap() code, it just overwrites syscall
> handler with LKM. In my opinion it is enough to fix just mremap() syscall
> because at least on x86 there are no other functions which would use
> do_mremap directly. But this may not be true on others platforms (for
> example ia64)...
> The package contains the hotfix and a small proof of concept program which
> can be used to see if kernel is vulnerable.
> Use at your own risk.
- call the POC exploit on a vulnerable system
- echo "1000000" > /proc/sys/vm/max_map_count
- call the POC exploit again
- see the difference
Well, at least it prevents the POC exploit, maybe there's more though.
Kudos to the PaX team :)
-- ciao, Marc
- Previous message: David Wilson: "RE: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP"
- In reply to: Pavel harry_x Palát: "Hotfix for new mremap vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
