Red Hat Bugzilla – Bug 118008
CAN-2004-0077 do_remap vulnerability
Last modified: 2007-11-30 17:07:00 EST
Description of problem:
Is the kernel vulnerable to this issue reported March 1st 2004?
I have not seen any statement from Red Hat regarding this.
Version-Release number of selected component (if applicable):

The text for Red Hat Security Advisory RHSA-2004:066 specifically
states that CAN-2004-0077 is resolved by the 2.4.21-9.0.1.EL kernel.
The "official statement" from Red Hat regarding this can be verified
The advisory was released 20-Feb-2004.
Please note that there is some confusion in the press - the press seem
to think that this issue was public on March 1st - however it was
actually made public by the ISEC research group on February 18th.

Indeed published Feb 18th, but FC 1 SPEC changelog states:
* Thu Feb 5 2004 Dave Jones <firstname.lastname@example.org>
- Check do_mremap return values (CAN-2004-0077)
Thus we are speaking of a second issue under the same CAN number.

(Didn't mean to enter yet...)
The CAN report speaks of a *second* issue:
BUGTRAQ:20040218 Second critical mremap() bug found in all Linux kernels
As the Fedora kernel update was released 2004-02-19 and it is not
mentioned in the changelog I believe this issue has *not* been
Please reference http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt

Sorry for my confusion.
If I understand correctly this issue has been embargoed for a couple
of weeks, and was actually already discovered somewhere around the
beginning of February. Too bad the dating of the various reports on
this issue is so poor.

After studying the patches I found out that the issue is indeed fixed
with the linux-2.4.25pre-selected-patches.patch. Maybe it is a good
idea to mention the name of the patch that fixes the issue in the
changelog or the security advisory?