Re: mremap bug and 2.4?

[Robert L. Harris]

I love you guys.  Yeah, I have to compile a new kernel, test it  and push it out
this week to 600 machines but atleast I don't have to wait 6 months and
then hope it doesn't kill all my apps.

You guys are great, THANKS!

Robert


Thus spake Marcelo Tosatti (marcelo.tosatti@xxxxxxxxxxxx):

> 
> 
> On Mon, 5 Jan 2004, Robert L. Harris wrote:
> 
> >
> >
> > Just read this on full disclosure:
> >
> > http://isec.pl/vulnerabilities/isec-0013-mremap.txt
> >
> > Is it valid?  No working proof of concept code has been posted so I can't
> > test my systems.  The article only lists 2.4 and 2.6.  Is this
> > 2.4.16-current, etc?  Anyone have any details about versions that are
> > safe so I/We can determine if I need to roll a new production kernel out
> > again?
> 
> It is possible that the problem is exploitable. There is no known public
> exploit yet, however.
> 
> 2.4.24 includes a fix for this (mm/mremap.c diff)

:wq!
---------------------------------------------------------------------------
Robert L. Harris                     | GPG Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.

Life is not a destination, it's a journey.
  Microsoft produces 15 car pileups on the highway.
    Don't stop traffic to stand and gawk at the tragedy.

Attachment: signature.asc
Description: Digital signature