CVE-2010-2524


Severity : Medium
Published : 2010-09-08
Modified : 2012-03-19
Base Score : 4.4
Details : The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.
Product/Version : MVL5 Kernel 2.6.29  
MVL6 Kernel 2.6.24  
 
 
 


CVE Vulnerabilities List CVE-2010