Bug 118008 - CAN-2004-0077 do_remap vulnerability
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
Version: 3.0
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Ernie Petrides
QA Contact: Brian Brock
URL: http://isec.pl/vulnerabilities/isec-0...
Keywords: Security
Reported: 2004-03-10 18:27 EST by Anchor Systems Managed Hosting
Modified: 2007-11-30 17:07 EST (History)
Doc Type: Bug Fix
Last Closed: 2004-03-23 12:55:06 EST
Description Anchor Systems Managed Hosting 2004-03-10 18:27:00 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040115

Description of problem:
Is the kernel vulnerable to this issue reported March 1st 2004?

I have not seen any statement from Red Hat regarding this.

Version-Release number of selected component (if applicable):
smp-2.4.21-9.0.1.EL

How reproducible:
Couldn't Reproduce


Additional info:
Comment 1 Ernie Petrides 2004-03-10 19:12:52 EST
The text for Red Hat Security Advisory RHSA-2004:066 specifically
states that CAN-2004-0077 is resolved by the 2.4.21-9.0.1.EL kernel.

The "official statement" from Red Hat regarding this can be verified
here:

  https://rhn.redhat.com/errata/RHSA-2004-066.html

The advisory was released 20-Feb-2004.
Comment 2 Mark J. Cox (Product Security) 2004-03-11 03:25:17 EST
Please note that there is some confusion in the press - the press seem
to think that this issue was public on March 1st - however it was
actually made public by the ISEC research group on February 18th.
Comment 3 Leonard den Ottolander 2004-03-23 12:08:22 EST
Indeed published Feb 18th, but FC 1 SPEC changelog states:

* Thu Feb  5 2004 Dave Jones <davej@redhat.com>
- Check do_mremap return values (CAN-2004-0077)

Thus we are speaking of a second issue under the same CAN number.
Comment 4 Leonard den Ottolander 2004-03-23 12:12:03 EST
(Didn't mean to enter yet...)

The CAN report speaks of a *second* issue:

BUGTRAQ:20040218 Second critical mremap() bug found in all Linux kernels

As the Fedora kernel update was released 2004-02-19 and it is not
mentioned in the changelog I believe this issue has *not* been
addressed yet.

Please reference http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
Comment 5 Leonard den Ottolander 2004-03-23 12:55:06 EST
Sorry for my confusion.

If I understand correctly this issue has been embargoed for a couple
of weeks, and was actually already discovered somewhere around the
beginning of February. Too bad the dating of the various reports on
this issue is so poor. 

After studying the patches I found out that the issue is indeed fixed
with the linux-2.4.25pre-selected-patches.patch. Maybe it is a good
idea to mention the name of the patch that fixes the issue in the
changelog or the security advisory?
