CVE-2004-0077

Current Description

The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.

Basic Data

PublishedMarch 03, 2004
Last ModifiedMay 03, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.2
SeverityHIGH
Exploitability Score3.9
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRedhatBigmem Kernel2.4.20-8*i686*****
    2.3ApplicationRedhatKernel2.4.20-8*athlon_smp*****
    2.3ApplicationRedhatKernel2.4.20-8*i386*****
    2.3ApplicationRedhatKernel2.4.20-8*i686_smp*****
    2.3ApplicationRedhatKernel Doc2.4.20-8*i386*****
  • AND
    • OR - Configuration 2
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationRedhatKernel Source2.4.20-8*i386_src*****
      2.3OSLinuxLinux Kernel2.2.0*******
      2.3OSLinuxLinux Kernel2.2.1*******
      2.3OSLinuxLinux Kernel2.2.2*******
      2.3OSLinuxLinux Kernel2.2.3*******
      2.3OSLinuxLinux Kernel2.2.4*******
      2.3OSLinuxLinux Kernel2.2.5*******
      2.3OSLinuxLinux Kernel2.2.6*******
      2.3OSLinuxLinux Kernel2.2.7*******
      2.3OSLinuxLinux Kernel2.2.8*******
      2.3OSLinuxLinux Kernel2.2.9*******
      2.3OSLinuxLinux Kernel2.2.10*******
      2.3OSLinuxLinux Kernel2.2.11*******
      2.3OSLinuxLinux Kernel2.2.12*******
      2.3OSLinuxLinux Kernel2.2.13*******
      2.3OSLinuxLinux Kernel2.2.14*******
      2.3OSLinuxLinux Kernel2.2.15*******
      2.3OSLinuxLinux Kernel2.2.15pre16******
      2.3OSLinuxLinux Kernel2.2.15_pre20*******
      2.3OSLinuxLinux Kernel2.2.16*******
      2.3OSLinuxLinux Kernel2.2.16pre6******
      2.3OSLinuxLinux Kernel2.2.17*******
      2.3OSLinuxLinux Kernel2.2.18*******
      2.3OSLinuxLinux Kernel2.2.19*******
      2.3OSLinuxLinux Kernel2.2.20*******
      2.3OSLinuxLinux Kernel2.2.21*******
      2.3OSLinuxLinux Kernel2.2.22*******
      2.3OSLinuxLinux Kernel2.2.23*******
      2.3OSLinuxLinux Kernel2.2.24*******
      2.3OSLinuxLinux Kernel2.4.0*******
      2.3OSLinuxLinux Kernel2.4.0test1******
      2.3OSLinuxLinux Kernel2.4.0test10******
      2.3OSLinuxLinux Kernel2.4.0test11******
      2.3OSLinuxLinux Kernel2.4.0test12******
      2.3OSLinuxLinux Kernel2.4.0test2******
      2.3OSLinuxLinux Kernel2.4.0test3******
      2.3OSLinuxLinux Kernel2.4.0test4******
      2.3OSLinuxLinux Kernel2.4.0test5******
      2.3OSLinuxLinux Kernel2.4.0test6******
      2.3OSLinuxLinux Kernel2.4.0test7******
      2.3OSLinuxLinux Kernel2.4.0test8******
      2.3OSLinuxLinux Kernel2.4.0test9******
      2.3OSLinuxLinux Kernel2.4.1*******
      2.3OSLinuxLinux Kernel2.4.2*******
      2.3OSLinuxLinux Kernel2.4.3*******
      2.3OSLinuxLinux Kernel2.4.4*******
      2.3OSLinuxLinux Kernel2.4.5*******
      2.3OSLinuxLinux Kernel2.4.6*******
      2.3OSLinuxLinux Kernel2.4.7*******
      2.3OSLinuxLinux Kernel2.4.8*******
      2.3OSLinuxLinux Kernel2.4.9*******
      2.3OSLinuxLinux Kernel2.4.10*******
      2.3OSLinuxLinux Kernel2.4.11*******
      2.3OSLinuxLinux Kernel2.4.12*******
      2.3OSLinuxLinux Kernel2.4.13*******
      2.3OSLinuxLinux Kernel2.4.14*******
      2.3OSLinuxLinux Kernel2.4.15*******
      2.3OSLinuxLinux Kernel2.4.16*******
      2.3OSLinuxLinux Kernel2.4.17*******
      2.3OSLinuxLinux Kernel2.4.18*******
      2.3OSLinuxLinux Kernel2.4.18*x86*****
      2.3OSLinuxLinux Kernel2.4.18pre1******
      2.3OSLinuxLinux Kernel2.4.18pre2******
      2.3OSLinuxLinux Kernel2.4.18pre3******
      2.3OSLinuxLinux Kernel2.4.18pre4******
      2.3OSLinuxLinux Kernel2.4.18pre5******
      2.3OSLinuxLinux Kernel2.4.18pre6******
      2.3OSLinuxLinux Kernel2.4.18pre7******
      2.3OSLinuxLinux Kernel2.4.18pre8******
      2.3OSLinuxLinux Kernel2.4.19*******
      2.3OSLinuxLinux Kernel2.4.19pre1******
      2.3OSLinuxLinux Kernel2.4.19pre2******
      2.3OSLinuxLinux Kernel2.4.19pre3******
      2.3OSLinuxLinux Kernel2.4.19pre4******
      2.3OSLinuxLinux Kernel2.4.19pre5******
      2.3OSLinuxLinux Kernel2.4.19pre6******
      2.3OSLinuxLinux Kernel2.4.20*******
      2.3OSLinuxLinux Kernel2.4.21*******
      2.3OSLinuxLinux Kernel2.4.21pre1******
      2.3OSLinuxLinux Kernel2.4.21pre4******
      2.3OSLinuxLinux Kernel2.4.21pre7******
      2.3OSLinuxLinux Kernel2.4.22*******
      2.3OSLinuxLinux Kernel2.4.23*******
      2.3OSLinuxLinux Kernel2.4.23pre9******
      2.3OSLinuxLinux Kernel2.4.24*******
      2.3OSLinuxLinux Kernel2.6.0*******
      2.3OSLinuxLinux Kernel2.6.0test1******
      2.3OSLinuxLinux Kernel2.6.0test10******
      2.3OSLinuxLinux Kernel2.6.0test11******
      2.3OSLinuxLinux Kernel2.6.0test2******
      2.3OSLinuxLinux Kernel2.6.0test3******
      2.3OSLinuxLinux Kernel2.6.0test4******
      2.3OSLinuxLinux Kernel2.6.0test5******
      2.3OSLinuxLinux Kernel2.6.0test6******
      2.3OSLinuxLinux Kernel2.6.0test7******
      2.3OSLinuxLinux Kernel2.6.0test8******
      2.3OSLinuxLinux Kernel2.6.0test9******
      2.3OSLinuxLinux Kernel2.6.1rc1******
      2.3OSLinuxLinux Kernel2.6.1rc2******
      2.3OSLinuxLinux Kernel2.6.2*******
      2.3OSLinuxLinux Kernel2.6_test9_cvs*******
      2.3OSNetwosixNetwosix Linux1.0*******
      2.3OSTrustixSecure Linux1.5*******
      2.3OSTrustixSecure Linux2.0*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationRedhatKernel2.4.20-8*athlon*****
      2.3ApplicationRedhatKernel2.4.20-8*i386*****
      2.3ApplicationRedhatKernel2.4.20-8*i686*****

Vulnerable Software List

VendorProductVersions
Redhat Kernel 2.4.20-8
Redhat Bigmem Kernel 2.4.20-8
Redhat Kernel Doc 2.4.20-8
Redhat Kernel Source 2.4.20-8
Netwosix Netwosix Linux 1.0
Linux Linux Kernel 2.2.0, 2.2.1, 2.2.10, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.2.15, 2.2.15_pre20, 2.2.16, 2.2.17, 2.2.18, 2.2.19, 2.2.2, 2.2.20, 2.2.21, 2.2.22, 2.2.23, 2.2.24, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.4.0, 2.4.1, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.2, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.24, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.6.0, 2.6.1, 2.6.2, 2.6_test9_cvs
Trustix Secure Linux 1.5, 2.0

References

NameSourceURLTags
20040218 Second critical mremap() bug found in all Linux kernelshttp://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.htmlVULNWATCH
CLA-2004:820http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820CONECTIVA
FEDORA-2004-079http://fedoranews.org/updates/FEDORA-2004-079.shtmlFEDORA
MDKSA-2004:015http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015MANDRAKE
http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txthttp://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txtMISC
20040218 Second critical mremap() bug found in all Linux kernelshttp://marc.info/?l=bugtraq&m=107711762014175&w=2BUGTRAQ
2004-0007http://marc.info/?l=bugtraq&m=107712137732553&w=2TRUSTIX
2004-0008http://marc.info/?l=bugtraq&m=107755871932680&w=2TRUSTIX
GLSA-200403-02http://security.gentoo.org/glsa/glsa-200403-02.xmlGENTOOPATCH Vendor Advisory
O-082http://www.ciac.org/ciac/bulletins/o-082.shtmlCIAC
DSA-438http://www.debian.org/security/2004/dsa-438DEBIAN
DSA-439http://www.debian.org/security/2004/dsa-439DEBIANPATCH Vendor Advisory
DSA-440http://www.debian.org/security/2004/dsa-440DEBIAN
DSA-441http://www.debian.org/security/2004/dsa-441DEBIAN
DSA-442http://www.debian.org/security/2004/dsa-442DEBIAN
DSA-444http://www.debian.org/security/2004/dsa-444DEBIAN
DSA-450http://www.debian.org/security/2004/dsa-450DEBIAN
DSA-453http://www.debian.org/security/2004/dsa-453DEBIAN
DSA-454http://www.debian.org/security/2004/dsa-454DEBIAN
DSA-456http://www.debian.org/security/2004/dsa-456DEBIAN
DSA-466http://www.debian.org/security/2004/dsa-466DEBIAN
DSA-470http://www.debian.org/security/2004/dsa-470DEBIAN
DSA-475http://www.debian.org/security/2004/dsa-475DEBIAN
DSA-514http://www.debian.org/security/2004/dsa-514DEBIAN
VU#981222http://www.kb.cert.org/vuls/id/981222CERT-VNUS Government Resource
SuSE-SA:2004:005http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.htmlSUSE
3986http://www.osvdb.org/3986OSVDB
RHSA-2004:065http://www.redhat.com/support/errata/RHSA-2004-065.htmlREDHAT
RHSA-2004:066http://www.redhat.com/support/errata/RHSA-2004-066.htmlREDHAT
RHSA-2004:069http://www.redhat.com/support/errata/RHSA-2004-069.htmlREDHAT
RHSA-2004:106http://www.redhat.com/support/errata/RHSA-2004-106.htmlREDHAT
9686http://www.securityfocus.com/bid/9686BIDExploit PATCH Vendor Advisory
SSA:2004-049http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734SLACKWARE
linux-mremap-gain-privileges(15244)https://exchange.xforce.ibmcloud.com/vulnerabilities/15244XF
oval:org.mitre.oval:def:825https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A825OVAL
oval:org.mitre.oval:def:837https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A837OVAL