Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-2524

Опубликовано: 22 июл. 2010
Источник: redhat
CVSS2: 4.4
EPSS Низкий

Описание

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.

Отчет

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG as they did not include support for the upcall mechanism for the Common Internet File System (CIFS). This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0723.html.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=612166kernel: dns_resolver upcall security issue

EPSS

Процентиль: 25%
0.00082
Низкий

4.4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2010-2524

CVSS3: 7.8
ubuntu
почти 15 лет назад

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.

nvd логотип

CVE-2010-2524

CVSS3: 7.8
nvd
почти 15 лет назад

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.

debian логотип

CVE-2010-2524

CVSS3: 7.8
debian
почти 15 лет назад

The DNS resolution functionality in the CIFS implementation in the Lin ...

github логотип

GHSA-gh3w-mmv8-hhv4

CVSS3: 7.8
github
около 3 лет назад

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.

oracle-oval логотип

ELSA-2010-0610

oracle-oval
почти 15 лет назад

ELSA-2010-0610: kernel security and bug fix update (IMPORTANT)

EPSS

Процентиль: 25%
0.00082
Низкий

4.4 Medium

CVSS2