7.8

CVE-2010-2524

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.35
VMwareEsx Version4.0
VMwareEsx Version4.1
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04
CanonicalUbuntu Linux Version9.04
CanonicalUbuntu Linux Version9.10
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version10.10
SuseSuse Linux Enterprise Desktop Version11 Updatesp1
SuseSuse Linux Enterprise Server Version11 Updatesp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.337
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Patch
Third Party Advisory
http://secunia.com/advisories/43315
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0610.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
Third Party Advisory
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2010:172
Broken Link
http://www.ubuntu.com/usn/USN-1000-1
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7
http://marc.info/?l=oss-security&m=128072090331700&w=2
Patch
Third Party Advisory
Mailing List
http://marc.info/?l=oss-security&m=128078387328921&w=2
Patch
Third Party Advisory
Mailing List
http://marc.info/?l=oss-security&m=128080755321157&w=2
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=612166
Patch
Third Party Advisory
Issue Tracking