Debian Security Advisory

DSA-440-1 linux-kernel-2.4.17-powerpc-apus -- several vulnerabilities

Date Reported:
18 Feb 2004
Affected Packages:
kernel-source-2.4.17, kernel-patch-2.4.17-apus
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2003-0961, CVE-2003-0985, CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
More information:

Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the PowerPC/Apus kernel for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update:

  • CAN-2003-0961:

    An integer overflow in brk() system call (do_brk() function) for Linux allows a local attacker to gain root privileges. Fixed upstream in Linux 2.4.23.

  • CAN-2003-0985:

    Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug. Fixed upstream in Linux 2.4.24.

  • CAN-2004-0077:

    Paul Starzetz and Wojciech Purczynski of discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.

For the stable distribution (woody) these problems have been fixed in version 2.4.17-4 of powerpc/apus images.

Other architectures will probably be mentioned in a separate advisory or are not affected (m68k).

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your Linux kernel packages immediately.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Architecture-independent component:

MD5 checksums of the listed files are available in the original advisory.