CVE-2010-2524 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2010-2524?

CVE-2010-2524 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-2524?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Vmware Esx, Canonical Ubuntu Linux, Suse Suse Linux Enterprise Desktop, Suse Suse Linux Enterprise Server.

Vulnerability Description

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.35
Vmware	Esx	4.0
Canonical	Ubuntu Linux	6.06
Suse	Suse Linux Enterprise Desktop	11
Suse	Suse Linux Enterprise Server	11

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.htmlMailing ListThird Party Advisory
http://marc.info/?l=oss-security&m=128072090331700&w=2Mailing ListPatchThird Party Advisory
http://marc.info/?l=oss-security&m=128078387328921&w=2Mailing ListPatchThird Party Advisory
http://marc.info/?l=oss-security&m=128080755321157&w=2Mailing ListThird Party Advisory
http://secunia.com/advisories/43315Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:172Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0610.htmlBroken Link
http://www.securityfocus.com/archive/1/516397/100/0/threadedThird Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1000-1Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=612166Issue TrackingPatchThird Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2010-2524?

CVE-2010-2524 is a vulnerability with a CVSS score of 7.8 (HIGH). The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cif...

How severe is CVE-2010-2524?

CVE-2010-2524 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-2524?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Vmware Esx, Canonical Ubuntu Linux, Suse Suse Linux Enterprise Desktop, Suse Suse Linux Enterprise Server.