Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information and bypass certain security restrictions, and by malicious people to potentially compromise a vulnerable system.

1) A boundary error exists within the "CIFSTCon()" function in fs/cifs/connect.c. This can be exploited to cause a buffer overflow by e.g. sending a specially crafted Tree Connect response to a vulnerable client.

2) A boundary error exists within the "decode_unicode_ssetup()" function in fs/cifs/sess.c. This can be exploited to potentially cause a buffer overflow by tricking a user into connecting to a malicious server.

3) An error within the "agp_generic_alloc_page()" function in drivers/char/agp/generic.c can be exploited to disclose potentially sensitive kernel memory.

4) A security issue is caused due to CAP_FS_MASK_B0 not including the CAP_MKNOD and CAP_FS_SET not including the CAP_LINUX_IMMUTABLE capability, which can be exploited to e.g. create device nodes.

This is related to security issue #2 in:
SA34422

Solution
Update to version 2.6.30.

Provided and/or discovered by
1) Vinay Sridhar
2) Jeff Layton
3) Shaohua Li
4) Igor Zhbanov

Changelog
Further details available in Customer Area

Original Advisory
1) http://lists.samba.org/archive/linux-cifs-client/2009-April/004322.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b363b3304bcf68c4541683b2eff70b29f0446a5b
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f083def68f84b04fe3f97312498911afce79609e
2) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=27b87fe52baba0a55e9723030e76fce94fabcea4
3) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=59de2bebabc5027f93df999d59cc65df591c3e6e
4) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0ad30b8fd5fe798aae80df6344b415d8309342cc

Deep Links
Links available in Customer Area