CVE-2003-0985

Published: 20/01/2004 | Updated: 03/05/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 735
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The mremap system call (do_mremap) in Linux kernel 2.4.x prior to 2.4.21, and possibly other versions prior to 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.

Vulnerable Product

linux linux kernel 2.4.0

linux linux kernel 2.4.15

linux linux kernel 2.4.16

linux linux kernel 2.4.18

linux linux kernel 2.4.19

linux linux kernel 2.4.21

linux linux kernel 2.4.22

linux linux kernel 2.4.9

linux linux kernel 2.4.1

linux linux kernel 2.4.10

linux linux kernel 2.4.17

linux linux kernel 2.4.2

linux linux kernel 2.4.23

linux linux kernel 2.4.3

linux linux kernel 2.4.13

linux linux kernel 2.4.14

linux linux kernel 2.4.7

linux linux kernel 2.4.8

linux linux kernel 2.4.11

linux linux kernel 2.4.12

linux linux kernel 2.4.20

linux linux kernel 2.4.4

linux linux kernel 2.4.5

linux linux kernel 2.4.6

Vendor Advisories

Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the hppa kernel 2.4.17 for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update: CAN-2003-0961: An integer overflow in brk() system call (do_brk() function) ...
Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the mips kernel 2.4.19 for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update: CAN-2003-0961: An integer overflow in brk() system call (do_brk() function) ...
Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the PA-RISC kernel 2.4.18 for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update: CAN-2003-0961: An integer overflow in brk() system call (do_brk() functi ...
Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug. Andrew Morton discovered a missing boundary check for the brk system call which can be used to craft a local root exploit. For the ...
The IA-64 maintainers fixed several security related bugs in the Linux kernel 2.4.17 used for the IA-64 architecture, mostly by backporting fixes from 2.4.18. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project: CAN-2003-0001: Multiple ethernet network interface card (NIC) device ...
Several security related problems have been fixed in the Linux kernel 2.4.17 used for the S/390 architecture, mostly by backporting fixes from 2.4.18 and incorporating recent security fixes. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project: CVE-2002-0429: The iBCS routines in a ...
Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the PowerPC/Apus kernel for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update: CAN-2003-0961: An integer overflow in brk() system call (do_brk() function ...

Exploits

/* * Linux kernel mremap() bound checking bug exploit. * * Bug found by Paul Starzetz <paul isec pl> * * Copyright (c) 2004 iSEC Security Research. All Rights Reserved. * * THIS PROGRAM IS FOR EDUCATIONAL PURPOSES *ONLY*. IT IS PROVIDED "AS IS" * AND WITHOUT ANY WARRANTY. COPYING, PRINTING, DISTRIBUTION, MODIFICATION * WITHOUT PERMIS ...
/* * EDB Note: This will just "test" the vulnerability. * EDB Note: An exploit version can be found here ~ www.exploit-db.com/exploits/145/ */ /* * Proof-of-concept exploit code for do_mremap() * * Copyright (C) 2004 Christophe Devine and Julien Tinnes * * This program is free software; you can redistribute it and/or modify ...
/* * EDB Note: This will just "test" the vulnerability. * EDB Note: An exploit version can be found here ~ www.exploit-db.com/exploits/145/ */ /* * Proof of concept code for testing do_mremap() Linux kernel bug. * It is based on the code by Christophe Devine and Julien Tinnes * posted on Bugtraq mailing list on 5 Jan 2004 but it's ...

References

NVD-CWE-Other
http://www.redhat.com/support/errata/RHSA-2003-417.html
http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
http://www.securityfocus.com/bid/9356
http://isec.pl/vulnerabilities/isec-0013-mremap.txt
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24
http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0
http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap
http://www.debian.org/security/2004/dsa-423
http://www.debian.org/security/2004/dsa-450
http://www.debian.org/security/2006/dsa-1070
http://www.debian.org/security/2006/dsa-1067
http://www.debian.org/security/2006/dsa-1069
http://www.debian.org/security/2006/dsa-1082
http://www.debian.org/security/2004/dsa-413
http://www.debian.org/security/2004/dsa-417
http://www.debian.org/security/2004/dsa-427
http://www.debian.org/security/2004/dsa-439
http://www.debian.org/security/2004/dsa-440
http://www.debian.org/security/2004/dsa-442
http://www.debian.org/security/2004/dsa-470
http://www.debian.org/security/2004/dsa-475
http://www.novell.com/linux/security/advisories/2004_03_linux_kernel.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
http://www.redhat.com/support/errata/RHSA-2003-416.html
http://www.redhat.com/support/errata/RHSA-2003-418.html
http://www.redhat.com/support/errata/RHSA-2003-419.html
http://download.immunix.org/ImmunixOS/7.3/updates/IMNX-2004-73-001-01
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001
ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U
http://archives.neohapsis.com/archives/bugtraq/2004-01/0070.html
http://www.kb.cert.org/vuls/id/490620
http://www.ciac.org/ciac/bulletins/o-045.shtml
http://www.osvdb.org/3315
http://secunia.com/advisories/10532
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
http://marc.info/?l=bugtraq&m=107350348418373&w=2
http://marc.info/?l=bugtraq&m=107340814409017&w=2
http://marc.info/?l=bugtraq&m=107394143105081&w=2
http://marc.info/?l=bugtraq&m=107332782121916&w=2
http://marc.info/?l=bugtraq&m=107340358402129&w=2
http://marc.info/?l=bugtraq&m=107332754521495&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A867
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A860
https://exchange.xforce.ibmcloud.com/vulnerabilities/14135
https://nvd.nist.gov
https://www.exploit-db.com/exploits/145/
https://www.kb.cert.org/vuls/id/490620