LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kernel: dns_resolver upcall security issue

Package(s):kernel CVE #(s):CVE-2010-2524
Created:August 3, 2010 Updated:June 20, 2011
Description: From the Red Hat bugzilla:

CIFS has the ability to chase MS-DFS referrals. In order to do this it has to be able to resolve hostnames into IP addresses. For this, it uses the keys API to upcall to the cifs.upcall userspace helper. It then resolves the name and hands the address back to the kernel.

The dns_resolver upcall currently used by CIFS is susceptible to cache stuffing. It's possible for a malicious user to stuff the keyring with the results of a lookup, and then trick the server into mounting a server of his choosing.

Alerts:
Debian DSA-2264-1 2011-06-18
Ubuntu USN-1083-1 2011-03-03
Ubuntu USN-1074-2 2011-02-28
Ubuntu USN-1074-1 2011-02-25
MeeGo MeeGo-SA-10:38 2010-10-09
Fedora FEDORA-2010-18983 2010-12-17
openSUSE openSUSE-SU-2010:0664-1 2010-09-23
SUSE SUSE-SA:2010:040 2010-09-13
Mandriva MDVSA-2010:172 2010-09-09
Fedora FEDORA-2010-14235 2010-09-08
SUSE SUSE-SA:2010:039 2010-09-08
openSUSE openSUSE-SU-2010:0592-1 2010-09-08
Ubuntu USN-1000-1 2010-10-19
CentOS CESA-2010:0610 2010-08-11
Red Hat RHSA-2010:0610-01 2010-08-10
Fedora FEDORA-2010-11412 2010-07-27
Fedora FEDORA-2010-11462 2010-07-27
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds