Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Wed, 18 Feb 2004 16:45:28 -0500
From: "Bill Jaeger" <wlj@...erNook.net>
To: <owl-users@...ts.openwall.com>
Subject: RE: New mremap vulnerability


On Wed, Feb 18, 2004 at 10:42:19AM -0500, Solar Designer wrote:
> On Wed, Feb 18, 2004 at 09:15:24AM -0600, Steve Bremer wrote:
> > 	After reviewing the 2.4.24 -> 2.4.25 patch, it appears to me
> > that those of us using either the 2.4.23-ow2 or 2.4.24-ow1 kernel
> > patches are not affected by this latest mremap security bug.  Can you
> > confirm this?  In fact, it looks like the code from the Openwall kernel
> > patches in 2.4.25.
>
> Confirmed.
>
> I don't know why Paul chose to not mention it in his Bugtraq announcement,
> he was aware that 2.4.23-ow2+ has this fixed.

Are those of us running linux-2.2.25-ow1 (w/ -HAP extensions) vulnerable to
the latest mremap(2) security hole?  If so, does anyone know of a patch that
closes this hole under 2.2.25?

Thanks,
-Bill

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux