High severity7.8NVD Advisory· Published Sep 8, 2010· Updated Apr 29, 2026
CVE-2010-2524
CVE-2010-2524
Description
The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.
Affected products
11cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- marc.infonvdMailing ListPatchThird Party Advisory
- marc.infonvdMailing ListPatchThird Party Advisory
- www.vmware.com/security/advisories/VMSA-2011-0003.htmlnvdPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.htmlnvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- www.securityfocus.com/archive/1/516397/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-1000-1nvdThird Party Advisory
- secunia.com/advisories/43315nvdBroken Link
- www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35nvdBroken Link
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.redhat.com/support/errata/RHSA-2010-0610.htmlnvdBroken Link
News mentions
0No linked articles in our index yet.