CVE-2010-2524 vulnerability in Canonical and Other Products
Published on September 8, 2010

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2010-2524

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2010-2524 are published in these products:

Canonical Ubuntu Linux

Linux Kernel

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

VMware Esx

Exploit Probability

EPSS

0.09%

Percentile

24.80%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2010-2524 vulnerability in Canonical and Other ProductsPublished on September 8, 2010

Products Associated with CVE-2010-2524

Exploit Probability

CVE-2010-2524 vulnerability in Canonical and Other Products
Published on September 8, 2010