Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | 2.6.23 (including) | 2.6.23 (including) |
| Linux | Ubuntu | upstream | * |
References
- http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc5
- http://osvdb.org/40907
- http://secunia.com/advisories/28070
- http://www.securityfocus.com/bid/26831
- http://www.vupen.com/english/advisories/2007/4200
- http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc5
- http://osvdb.org/40907
- http://secunia.com/advisories/28070
- http://www.securityfocus.com/bid/26831
- http://www.vupen.com/english/advisories/2007/4200