{"vuid":"VU#490620","idnumber":"490620","name":"Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length","keywords":["Linux","kernel","mremap","do_mremap()","virtual memory","0 bytes length","virtual memory areas","VMA"],"overview":"There is a vulnerability in the Linux kernel memory management routines that allows local users to gain superuser privileges.","clean_desc":"The Linux kernel contains a vulnerability in the do_mremap() call that allows software to create a virtual memory area (VMA) with a length of 0 bytes. This vulnerability is reported to exist in versions 2.4.23 and earlier, excluding 2.2.x versions. Because the vulnerability is located within the kernel, multiple Linux distributions will be affected. An attacker with local access to an affected host may be able to exploit this vulnerability and gain superuser privileges.","impact":"This vulnerability allows local users to gain superuser privileges on affected hosts.","resolution":"Apply a patch from your vendor This vulnerability affects multiple Linux distributions; please see the Systems Affected section of this document for information on specific vendors.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by Paul Starzetz","author":"This document was written by Jeffrey P. Lanza.","public":["http://www.kernel.org/","http://isec.pl/vulnerabilities/isec-0013-mremap.txt","http://xforce.iss.net/xforce/xfdb/14135","http://www.ciac.org/ciac/bulletins/o-045.shtml","http://www.secunia.com/advisories/10582/","http://www.secunia.com/advisories/10585/","http://www.secunia.com/advisories/10584/","http://www.secunia.com/advisories/10583/"],"cveids":["CVE-2003-0985"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-01-05T17:01:09Z","publicdate":"2004-01-05T00:00:00Z","datefirstpublished":"2004-03-09T17:02:01Z","dateupdated":"2004-08-19T23:33:15Z","revision":23,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"18","cam_exploitation":"10","cam_internetinfrastructure":"10","cam_population":"20","cam_impact":"19","cam_easeofexploitation":"5","cam_attackeraccessrequired":"10","cam_scorecurrent":"13.5375","cam_scorecurrentwidelyknown":"14.25","cam_scorecurrentwidelyknownexploited":"17.8125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":13.5375,"vulnote":null}