Title: Linux Segment Limit Vulnerability
Severity: INFO
Description:
This vulnerability has to do with the division of the address space between a user process and the kernel. Because of a bug, if you select a non-standard memory configuration, sometimes user level processes may be given access up to 252Mb of memory that are really part of the kernel. This allows the process to first search for its memory descriptor and then extend it to cover the rest of the kernel memory. It can then search for a task_struct and modify it so its uid is zero (root). This vulnerability is very obscure, only works on that version of linux, and only if you select a non-standard memory configuration.
Affected Products:
- Linux kernel 2.0.37
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
