SecurityTracker.com
Category:   Application (Generic)  >   VMware
Vendors:   VMware
(VMware Issues Fix) Linux Kernel mremap() Improper Bounds Checking Lets Local Users Gain Root Privileges
SecurityTracker Alert ID:  1009637
SecurityTracker URL:  http://securitytracker.com/id/1009637
CVE Reference:   CVE-2003-0985
Date:  Apr 2 2004
Impact:   Denial of service via local system, Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): ESX Server 1.5.2, 2.0, and 2.0.1
Description:   A vulnerability was reported in the Linux kernel do_mremap() function. A local user can gain elevated privileges.

Paul Starzetz and Wojciech Purczynski of iSEC Security Research reported that the mremap(2) system call does not perform proper bounds checking in the do_mremap() kernel code. A local user can reportedly cause the kernel to remap memory and create a virtual memory area that is 0 bytes in length.

According to the report, a local user can gain root privileges on the system through non-trivial exploit methods.

The original advisory is available at:

http://isec.pl/vulnerabilities/isec-0013-mremap.txt

Impact:   A local user can execute arbitrary code with root privileges. A local user can also cause denial of service conditions on the system.
Solution:   VMware issued a security update for ESX Server 1.5.2, 2.0, and 2.0.1.

For ESX Server 2.0.1:

http://www.vmware.com/download/esx/esx201-7427update.html

For ESX Server 2:

http://www.vmware.com/download/esx/esx20-7483update.html

For ESX Server 1.5.2 patch 5:

http://www.vmware.com/download/esx/esx152-7428update.html

Cause:   Boundary error

Message History:   This archive entry is a follow-up to the message listed below.
Jan 5 2004 Linux Kernel mremap() Improper Bounds Checking Lets Local Users Gain Root Privileges



 Source Message Contents

Subject:  VMware security update


VMware issued a security update for ESX Server 1.5.2, 2.0, and 2.0.1 regarding CVE entries 
CAN-2004-0077, CAN-2003-0961, and CAN-2003-0985.

For ESX Server 2.0.1:

http://www.vmware.com/download/esx/esx201-7427update.html

For ESX Server 2:

http://www.vmware.com/download/esx/esx20-7483update.html

For ESX Server 1.5.2 patch 5:

http://www.vmware.com/download/esx/esx152-7428update.html

 
 


Copyright 2019, SecurityGlobal.net LLC