Debian Security Advisory

DSA-450-1 linux-kernel-2.4.19-mips -- several vulnerabilities

Date Reported:
27 Feb 2004
Affected Packages:
kernel-source-2.4.19, kernel-patch-2.4.19-mips
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 9138, BugTraq ID 9356, BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2003-0961, CVE-2003-0985, CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
More information:

Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the mips kernel 2.4.19 for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update:

  • CAN-2003-0961:

    An integer overflow in brk() system call (do_brk() function) for Linux allows a local attacker to gain root privileges. Fixed upstream in Linux 2.4.23.

  • CAN-2003-0985:

    Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug. Fixed upstream in Linux 2.4.24.

  • CAN-2004-0077:

    Paul Starzetz and Wojciech Purczynski of discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.

For the stable distribution (woody) these problems have been fixed in version 2.4.19-0.020911.1.woody3 of mips images and version 2.4.19-4.woody1 of kernel source.

For the unstable distribution (sid) this problem will be fixed soon with the next upload of a 2.4.19 kernel image and in version 2.4.22-0.030928.3 for 2.4.22.

We recommend that you upgrade your Linux kernel packages immediately.

Vulnerability matrix for CAN-2004-0077

Fixed in:

Debian GNU/Linux 3.0 (woody)

Architecture-independent component:
Big endian MIPS:

MD5 checksums of the listed files are available in the original advisory.