Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [month] [year] [list] 
Date: Mon, 12 Jan 2009 12:57:55 +0800
From: "Eugene Teo" <eugeneteo@...nel.sg>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>, "Greg KH" <greg@...ah.com>
Subject: CVE-2009-0024 kernel: local privilege escalation in sys_remap_file_pages

Nelson Elhage reported that it is possible for a local, unprivileged
user to cause a denial of service, or gain root privileges by abusing
a flaw in sys_remap_file_pages().

The bug was introduced by commit 3ee6dafc, and it was fixed in
8a459e44. This was also fixed in 2.6.24 -stable tree with 7e3c396b.

We have assigned CVE-2009-0024 to this issue.

Take note that this does not affect the latest kernels as shipped with
Red Hat Enterprise Linux 5, Red Hat Enterprise MRG, Fedora 8 to 10,
Ubuntu 8.04 (Hardy) (Thanks Kees), and Debian GNU/Linux (Thanks Dann).

Thanks, Eugene

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux