Linux Today: Linux News On Internet Time.

SearchEnterpriseLinux: Serious Security Flaw Fixed in Linux Kernel

Jan 07, 2004, 14:00 (0 Talkback[s])
(Other stories by Michael S. Mimoso)

"A new version of the 2.4 Linux kernel was released overnight that addresses a serious security hole that could enable any user to escalate his privileges on a machine and run code.

"The flaw lies in the memory management code in the mremap system call in versions up to and including 2.4.23. Mremap resizes and moves processes into virtual memory areas (VMAs). An incorrect bounds check could lead to a malicious VMA that could disrupt other areas of the kernel's memory management subroutines, according to an alert released by Polish research firm iSEC Security Research Inc.

"Researcher Paul Starzetz, who discovered the flaw, said his team concentrated on the 2.4 kernel, but he said it is possible the recently released 2.6 kernel is affected as well..."

Complete Story

Related Stories: