CVE-2003-0985
Linux kernel 2.4.x < 2.4.21 - Denial of Service and Privilege Escalation via mremap Bounds Check Bypass
Title source: llmExploitation Summary
EIP tracks 3 public exploits for CVE-2003-0985. PoCs published by Paul Starzetz, Christophe Devine.
AI-analyzed exploit summary This exploit targets a Linux kernel vulnerability (CVE-2003-0985) in the mremap() system call, which allows local privilege escalation to root by manipulating memory mappings and exploiting a race condition. The PoC uses a combination of memory mapping, signal handling, and slab allocation manipulation to achieve arbitrary code execution in kernel context.
Description
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.
Exploits (3)
This exploit targets a Linux kernel vulnerability (CVE-2003-0985) in the mremap() system call, which allows local privilege escalation to root by manipulating memory mappings and exploiting a race condition. The PoC uses a combination of memory mapping, signal handling, and slab allocation manipulation to achieve arbitrary code execution in kernel context.
This code tests the do_mremap() Linux kernel bug (CVE-2003-0985) by attempting to remap memory regions. It checks if the kernel is vulnerable by verifying if the remapping operation succeeds, which could lead to privilege escalation.
This PoC exploits a vulnerability in the Linux kernel's do_mremap() function (CVE-2003-0985) by attempting to remap memory with invalid parameters, potentially leading to a local privilege escalation. The code calls real_mremap with a zero-sized old region and a fixed new address, triggering the vulnerability.