CVE-2010-2524

by Fred · 08/09/2010

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user’s keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.

Date published : 2010-09-08

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7

CVE-2010-2524

Similar

Recent Posts

Categories

CVE-2010-2524

Share this:

Similar

Recent Posts

Categories

Tags