Linux Kernel mmap() Lets Local Users Create Invalid Memory Maps to Deny Service or Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1014152
|
|
SecurityTracker URL: http://securitytracker.com/id?1014152
|
|
CVE Reference: CVE-2005-1265
(Links to External Site)
|
Updated: Aug 12 2008
|
Original Entry Date: Jun 9 2005
|
Impact: Denial of service via local system, Execution of arbitrary code via local system, Root access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2.6
|
Description: A vulnerability was reported in the Linux kernel mmap() function. A local user can crash the kernel and may be able to execute arbitrary code.
A local user can cause the mmap() function to create an invalid memory map, where the start address is located beyond the end address.
The flaw resides in 'mm/mmap.c'.
Chris Wright discovered this vulnerability.
|
Impact: A local user can cause the kernel to crash.
A local user may be able to execute arbitrary code with kernel-level privileges.
|
Solution: A fix is available at:
http://www.kernel.org/
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause: Boundary error, Input validation error
|
Underlying OS: Linux (Caldera/SCO), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandriva/Mandrake), Linux (Progeny Debian), Linux (Red Hat Enterprise), Linux (Red Hat Fedora), Linux (Red Hat Linux), Linux (SGI), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Ubuntu), Linux (Xandros)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 9 Jun 2005 02:53:12 -0400
Subject: [none]
|
Ubuntu reported:
> Chris Wright discovered that the mmap() function could create illegal
> memory maps (using the "mmap" function) with the start address
> pointing beyond the end address. A local user could exploit this to
> crash the kernel or possibly even execute arbitrary code with kernel
> privileges. (CAN-2005-1265)
|
|
