CVE: CAN-2004-0077
Updated: Tue, 06 Jul 2004 14:08:10 +0900
Summary: The do_mremap function for the mremap system call in Linux 2.2 to
         2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check 
	 the return value from the do_munmap function when the maximum 
	 number of VMA descriptors is exceeded, which allows local users to 
	 gain root privileges, a different vulnerability than CAN-2003-0985. 
	 (text:CAN-2004-0077)
Priority: High
Status: Closed
Source: RHSA-2004:065-03, RHSA-2004:066-09, DSA-438-1,
        FEDORA-2004-079, FEDORA-2004-080
Link:  http://www.ultramonkey.org/news_archive.shtml#2004022000
       http://www.ultramonkey.org/news_archive.shtml#2004062601
Resolved In:
  Kernel: 2.4.26-pre3
  Patch: http://linux.bkbits.net:8080/linux-2.4/cset@1.1302.39.4??index.html
  Red Hat Linux 7.3:
          Vendor:      None
          UltraMonkey: kernel-2.4.20-28.7.3.um.2
  Red Hat Linux 8.0:
          Vendor:      None
          UltraMonkey: kernel-2.4.20-28.8.um.2
  Red Hat Linux 9:
          Vendor:      kernel-2.4.20-30.9
          UltraMonkey: kernel-2.4.20-30.9.um.1
  Fedora Core 1:
          Vendor:      kernel-1.2173.nptl, 1.2174.nptl
          UltraMonkey: kernel-2.4.22-1.2174.nptl.um.1
  Red Hat Enterprise Linux 3:
          Vendor:      kernel-2.4.21-9.0.1.EL
          UltraMonkey: kernel-2.4.21-9.0.1.EL.um.1
  Debian Woody:
          Vendor:      kernel-source-2.4.18_2.4.18-14.2
          UltraMonkey: kernel-source-2.4.22-1-ipvs_2.4.22-5woody.um.4
  Debian Sid:
          Vendor:      kernel-source-2.4.24_2.4.24-3
          UltraMonkey: kernel-source-2.4.22-1-ipvs_2.4.22-5.um.4