Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue Dec 02 2003 - 10:43:09 CST
Date: Tue Dec 02 2003 - 10:43:09 CST
Wojciech Purczynski wrote:
> This is not an integer overflow bug. do_brk() doesn't verify its arguments
> at all, allowing to create arbitrarily large virtual memory mapping (vma)
> consuming kernel memory.
At least this explains why it wasn't found by the Stanford checker tool.
Thanks.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Tue Dec 02 11:18:18 2003
This archive was generated by hypermail 2.1.8 : Tue Dec 02 2003 - 12:01:00 CST
Custom Search
