Re: 2.6.1-rc1 affected?

From: GCS
Date: Mon Jan 05 2004 - 14:54:57 EST


On Mon, Jan 05, 2004 at 10:31:02AM -0800, Linus Torvalds <torvalds@xxxxxxxx> wrote:
[snip]
> And because nobody has an exploit yet, and one may be hard or
> impossible to create?
There _is_ an exploit: http://isec.pl/vulnerabilities/isec-0013-mremap.txt
"Since no special privileges are required to use the mremap(2) system
call any process may misuse its unexpected behavior to disrupt the kernel
memory management subsystem. Proper exploitation of this vulnerability may
lead to local privilege escalation including execution of arbitrary code
with kernel level access. Proof-of-concept exploit code has been created
and successfully tested giving UID 0 shell on vulnerable systems."

Cheers,
GCS