CVE-2004-0077 — HIGH (7.2) — White Hats Nepal

Vulnerability Description

The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Redhat	Bigmem Kernel	2.4.20-8
Redhat	Kernel	2.4.20-8
Redhat	Kernel Doc	2.4.20-8
Redhat	Kernel Source	2.4.20-8
Linux	Linux Kernel	2.2.0
Netwosix	Netwosix Linux	1.0
Trustix	Secure Linux	1.5

References

FAQ

What is CVE-2004-0077?

CVE-2004-0077 is a vulnerability with a CVSS score of 7.2 (HIGH). The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number ...

How severe is CVE-2004-0077?

CVE-2004-0077 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0077?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Bigmem Kernel, Redhat Kernel, Redhat Kernel Doc, Redhat Kernel Source, Linux Linux Kernel.