win32sux
04-22-2009 06:44 PM
Linux Kernel Multiple Vulnerabilities
Secunia has updated the CIFSTCon() advisory it had previously issued, adding a couple vulnerabilities.
Quote:
Description:
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to potentially compromise a vulnerable system.
1) A boundary error exists within the "CIFSTCon()" function in fs/cifs/connect.c. This can be exploited to cause a buffer overflow by e.g. sending a specially crafted Tree Connect response to a vulnerable client.
2) A boundary error exists within the "decode_unicode_ssetup()" function in fs/cifs/sess.c. This can be exploited to potentially cause a buffer overflow by tricking a user into connecting to a malicious server.
3) An error within the "agp_generic_alloc_page()" function in drivers/char/agp/generic.c can be exploited to disclose potentially sensitive kernel memory.
Solution:
Fixed in version 2.6.30-rc3.
Secunia Advisory