Linux Kernel mmap() Lets Local Users Create Invalid Memory Maps to Deny Service or Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1014152 |
|
SecurityTracker URL: http://securitytracker.com/id/1014152
|
|
CVE Reference:
CVE-2005-1265
(Links to External Site)
|
Updated: Aug 12 2008
|
Original Entry Date: Jun 9 2005
|
Impact:
Denial of service via local system, Execution of arbitrary code via local system, Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2.6
|
Description:
A vulnerability was reported in the Linux kernel mmap() function. A local user can crash the kernel and may be able to execute arbitrary code.
A local user can cause the mmap() function to create an invalid memory map, where the start address is located beyond the end address.
The flaw resides in 'mm/mmap.c'.
Chris Wright discovered this vulnerability.
|
Impact:
A local user can cause the kernel to crash.
A local user may be able to execute arbitrary code with kernel-level privileges.
|
Solution:
A fix is available at:
http://www.kernel.org/
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause:
Boundary error, Input validation error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 9 Jun 2005 02:53:12 -0400
Subject: [none]
|
Ubuntu reported:
> Chris Wright discovered that the mmap() function could create illegal
> memory maps (using the "mmap" function) with the start address
> pointing beyond the end address. A local user could exploit this to
> crash the kernel or possibly even execute arbitrary code with kernel
> privileges. (CAN-2005-1265)
|
|
