> From: Bruno Lustosa [mailto:bruno@lustosa.net] > Tested it under Linux 2.6.1-rc1, and surprisingly, > the machine rebooted instantly. Isn't the mremap > bug supposed to be fixed on the 2.6 series? It is, but not in 2.6.1-rc1. >From http://isec.pl/vulnerabilities/isec-0013-mremap.txt: "Version: 2.2, 2.4 and 2.6 series" "The exploitability of the discovered vulnerability is possible, although not a trivial one. We have identified at least two different attack vectors for the 2.4 kernel series." And from http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.1-rc2 "<torvalds@home.osdl.org> Don't allow mremap of zero-sized areas." The do_mremap() vulnerability is fixed in the 2.6 kernel only in 2.6.1-rc2, where as you tested on 2.6.1-rc1. The latest version of the 2.2 kernel is 2.2.25, but there was no immediate changelog available. However, it was created on January 3 so I suspect it would have the patch? Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor@pivx.com 949-231-8496 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net>
