Bug 118008 - CAN-2004-0077 do_remap vulnerability
Summary: CAN-2004-0077 do_remap vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
Version: 3.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Ernie Petrides
QA Contact: Brian Brock
URL: http://isec.pl/vulnerabilities/isec-0...
Whiteboard:
Depends On:
Blocks:
Reported: 2004-03-10 23:27 UTC by Anchor Systems Managed Hosting
Modified: 2007-11-30 22:07 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-03-23 17:55:06 UTC
Target Upstream Version:
Embargoed:



Description Anchor Systems Managed Hosting 2004-03-10 23:27:00 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040115

Description of problem:
Is the kernel vulnerable to this issue reported March 1st 2004?

I have not seen any statement from Red Hat regarding this.

Version-Release number of selected component (if applicable):
smp-2.4.21-9.0.1.EL

How reproducible:
Couldn't Reproduce


Additional info:

Comment 1 Ernie Petrides 2004-03-11 00:12:52 UTC
The text for Red Hat Security Advisory RHSA-2004:066 specifically
states that CAN-2004-0077 is resolved by the 2.4.21-9.0.1.EL kernel.

The "official statement" from Red Hat regarding this can be verified
here:

  https://rhn.redhat.com/errata/RHSA-2004-066.html

The advisory was released 20-Feb-2004.


Comment 2 Mark J. Cox 2004-03-11 08:25:17 UTC
Please note that there is some confusion in the press - the press seem
to think that this issue was public on March 1st - however it was
actually made public by the ISEC research group on February 18th.

Comment 3 Leonard den Ottolander 2004-03-23 17:08:22 UTC
Indeed published Feb 18th, but FC 1 SPEC changelog states:

* Thu Feb  5 2004 Dave Jones <davej>
- Check do_mremap return values (CAN-2004-0077)

Thus we are speaking of a second issue under the same CAN number.

Comment 4 Leonard den Ottolander 2004-03-23 17:12:03 UTC
(Didn't mean to enter yet...)

The CAN report speaks of a *second* issue:

BUGTRAQ:20040218 Second critical mremap() bug found in all Linux kernels

As the Fedora kernel update was released 2004-02-19 and it is not
mentioned in the changelog I believe this issue has *not* been
addressed yet.

Please reference http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt


Comment 5 Leonard den Ottolander 2004-03-23 17:55:06 UTC
Sorry for my confusion.

If I understand correctly this issue has been embargoed for a couple
of weeks, and was actually already discovered somewhere around the
beginning of February. Too bad the dating of the various reports on
this issue is so poor. 

After studying the patches I found out that the issue is indeed fixed
with the linux-2.4.25pre-selected-patches.patch. Maybe it is a good
idea to mention the name of the patch that fixes the issue in the
changelog or the security advisory?


