Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


SmoothWall Project Advisory: kernel

Feb 26, 2004, 21:59 (0 Talkback[s])

SmoothWall Project Security Advisory SWP-2004:002

Summary: Updates for SmoothWall Express to correct local vulnerabilities in Linux kernel.
Importance: Severe
Issue: Possible local vulnerabilities
CVE Names: CAN-2004-0077
Released: 2004-02-27
SW-specific: no

Affected Products:

SmoothWall Express 2.0 (fixes1)

The products shown must be updated to the fix level as shown above before applying any updates mentioned in this advisory.


Description

Critical security vulnerabilities have been found in the Linux kernel in the following areas:

  • Locally exploitable vulnerabilities in memory management code (mremap system calls)

These vulnerabilities can result in privilege escalation or unwanted availability of sensitive information.


Corrective Actions

You should download and install the required update for your product(s). The updates can be downloaded from the web links below, along with installation instructions and any further caveats or updates.

SmoothWall Express 2.0 fixes 2
- http://smoothwall.org/p/2.0-fixes2.html


Further Information

CVE Candidate CAN-2004-0077
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077
Linux kernel do_mremap VMA limit local privilege escalation
- http://www.isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
Linux Kernel 2.4.25 Changelog
- http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.25