Family: Debian Local Security Checks --> Category: infos
[DSA438] DSA-438-1 linux-kernel-2.4.18-alpha+i386+powerpc Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical
security vulnerability in the memory management code of Linux inside
the mremap(2) system call
(http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt). Due to a
missing check of the return value of internal functions, a local
attacker can gain root privileges.
For the stable distribution (woody) this problem has been fixed in
version 2.4.18-14.2 of kernel-source, version 2.4.18-14 of alpha
images, version 2.4.18-12.2 of i386 images, version 2.4.18-5woody7
of i386bf images and version 2.4.18-1woody4 of powerpc images.
Other architectures will probably be mentioned in a separate advisory or
are not affected (m68k).
For the unstable distribution (sid) this problem is fixed in version
2.4.24-3 for source, i386 and alpha images and version 2.4.22-10 for
This problem is also fixed in the upstream version of Linux 2.4.25 and
We recommend that you upgrade your Linux kernel packages immediately.
Vulnerability matrix for CVE-2004-0077
Solution : http://www.debian.org/security/2004/dsa-438
Threat Level: High