Oval Definition:oval:org.mitre.oval:def:22091
Revision Date:2014-02-24Version:100
Title:RHSA-2010:0610: kernel security and bug fix update (Important)
Description:The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CESA-2010:0610
CVE-2010-1084
CVE-2010-2066
CVE-2010-2070
CVE-2010-2226
CVE-2010-2248
CVE-2010-2521
CVE-2010-2524
RHSA-2010:0610-01
Platform(s):CentOS Linux 5
Red Hat Enterprise Linux 5
Product(s):kernel
Definition Synopsis
  • Redhat 5 or Centos 5 release
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
  • kernel-headers is earlier than 0:2.6.18-194.11.1.el5
  • OR kernel is earlier than 0:2.6.18-194.11.1.el5
  • OR kernel-doc is earlier than 0:2.6.18-194.11.1.el5
  • OR kernel-PAE-devel is earlier than 0:2.6.18-194.11.1.el5
  • OR kernel-devel is earlier than 0:2.6.18-194.11.1.el5
  • OR kernel-debug is earlier than 0:2.6.18-194.11.1.el5
  • OR kernel-kdump is earlier than 0:2.6.18-194.11.1.el5
  • OR kernel-xen-devel is earlier than 0:2.6.18-194.11.1.el5
  • OR kernel-debug-devel is earlier than 0:2.6.18-194.11.1.el5
  • OR kernel-PAE is earlier than 0:2.6.18-194.11.1.el5
  • OR kernel-kdump-devel is earlier than 0:2.6.18-194.11.1.el5
  • OR kernel-xen is earlier than 0:2.6.18-194.11.1.el5
    • BACK