Mandrake: kernel Privilege escalation vulnerability
Posted by Team   
A flaw in bounds checking in mremap() in the Linux kernel may be used to allow a local attacker to obtain root privilege.


                Mandrake Linux Security Update Advisory

 Package name:           kernel
 Advisory ID:            MDKSA-2004:001
 Date:                   January 7th, 2004

 Affected versions:	 9.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2

 Problem Description:

 A flaw in bounds checking in mremap() in the Linux kernel versions
 2.4.23 and previous was discovered by Paul Starzetz.  This flaw may
 be used to allow a local attacker to obtain root privilege.

 Another minor information leak in the RTC (real time clock) routines
 was fixed as well.

 All Mandrake Linux users are encouraged to upgrade to these packages
 immediately.  To update your kernel, please follow the directions
 located at:

 Mandrake Linux 9.1 and 9.2 users should upgrade the initscripts (9.1)
 and bootloader-utils (9.2) packages prior to upgrading the kernel as
 they contain a fixed installkernel script that fixes instances where
 the loop module was not being loaded and would cause mkinitrd to fail.

 Users requiring commercial NVIDIA drivers can find drivers for
 Mandrake Linux 9.2 at MandrakeClub.


 Updated Packages:

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

 All packages are signed by MandrakeSoft for security.  You can obtain
 the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver <keyserver-host> 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to

 You can view other update advisories for Mandrake Linux at:

 MandrakeSoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by

 If you want to report vulnerabilities, please contact

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
