Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

CVE Kennung:CVE-2010-2524
Beschreibung:The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS- DFS referrals.
Test Kennungen: 1.3.6.1.4.1.25623.1.0.67795   1.3.6.1.4.1.25623.1.0.67797   1.3.6.1.4.1.25623.1.0.69970  
Querverweise: Common Vulnerability Exposure (CVE) ID: CVE-2010-2524
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2010:172
http://marc.info/?l=oss-security&m=128072090331700&w=2
http://marc.info/?l=oss-security&m=128078387328921&w=2
http://marc.info/?l=oss-security&m=128080755321157&w=2
RedHat Security Advisories: RHSA-2010:0610
http://www.redhat.com/support/errata/RHSA-2010-0610.html
http://secunia.com/advisories/43315
SuSE Security Announcement: SUSE-SA:2010:040 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
http://www.ubuntu.com/usn/USN-1000-1




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.