kernel: two vulnerabilities in 2.4.23 [LWN.net]

Package(s):

kernel

CVE #(s):

CAN-2003-0984 CAN-2003-0985

Created:

January 5, 2004

Updated:

January 19, 2004

Description:

Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel versions 2.4.23 and previous which may allow a local attacker to gain root privileges. No exploit is currently available; however, it is believed that this issue is exploitable (although not trivially.) The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0985 to this issue. There is also a minor information leak in the real time clock (rtc) routines. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0984 to this issue. See this advisory for more information.

Alerts:

Debian	DSA-427-1	2004-01-19
SuSE	SuSE-SA:2004:003	2004-01-15
Debian	DSA-417-2	2004-01-09
Slackware	SSA:2004-008-01	2004-01-08
Gentoo	200401-01	2004-01-08
Mandrake	MDKSA-2004:001	2004-01-07
Slackware	SSA:2004-006-01	2004-01-06
Red Hat	RHSA-2003:416-01	2004-01-07
Fedora	FEDORA-2003-047	2004-01-07
Debian	DSA-417-1	2004-01-07
Immunix	IMNX-2004-73-001-01	2004-01-05
SuSE	SuSE-SA:2004:001	2004-01-05
Fedora	FEDORA-2003-046	2004-01-05
Debian	DSA-413-1	2004-01-06
Trustix	2004-0001	2004-01-05
Conectiva	CLA-2004:799	2004-01-05
EnGarde	ESA-20040105-001	2003-01-05
Red Hat	RHSA-2003:419-01	2004-01-05
Red Hat	RHSA-2003:418-01	2004-01-05
Red Hat	RHSA-2003:417-01	2004-01-05

(Log in to post comments)

kernel: two vulnerabilities in 2.4.23

Posted Jan 15, 2004 16:58 UTC (Thu) by branden (subscriber, #7029) [Link]

EnGarde ESA-20040105-001 2003-01-05

Somehow, I doubt that EnGarde actually resolved this vulnerability on the date listed.