The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Linux kernel: file access via CIFS DNS resolver

Synthesis of the vulnerability

A local attacker can modify his keyring, in order to force the CIFS client of the Linux kernel to connect to a malicious CIFS/SMB server.
Severity of this alert: 2/4.
Creation date: 02/08/2010.
Références of this alert: CERTA-2010-AVI-355, CVE-2010-2524, DSA-2264-1, FEDORA-2010-11412, FEDORA-2010-11462, MDVSA-2010:172, openSUSE-SU-2010:0664-1, RHSA-2010:0610-01, SOL16477, SUSE-SA:2010:039, SUSE-SA:2010:040, SUSE-SA:2010:046, VIGILANCE-VUL-9803, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2.

Description of the vulnerability

The Linux kernel contains a CIFS/SMB client, which is used to connect to a remote share.

In order to save IP addresses of CIFS/SMB servers, the dns_resolve_server_name_to_ip() function of the fs/cifs/dns_resolve.c file stores values in the user's keyring.

However, an attacker can save a malicious IP address in his keyring, so the kernel will use it, and will connect to the attacker's CIFS/SMB server.

A local attacker can therefore modify his keyring, in order to force the CIFS client of the Linux kernel to connect to a malicious CIFS/SMB server.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability alert impacts software or systems such as Debian, BIG-IP Hardware, TMOS, Fedora, Linux, Mandriva Linux, openSUSE, RHEL, SLES, ESX, ESXi, vCenter Server, VirtualCenter, VMware vSphere, VMware vSphere Hypervisor.

Our Vigil@nce team determined that the severity of this computer threat alert is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this security vulnerability.

Solutions for this threat

Linux kernel: version 2.6.35.
Version 2.6.35 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/

Linux kernel: patch for CIFS DNS resolver.
A patch is available in information sources.

Debian: new linux-2.6 packages (20/06/2011).
New packages are available:
  linux-2.6 2.6.26-26lenny3

F5 BIG-IP: solution for Linux CVE-2010-2524.
The solution is indicated in information sources.

Fedora 12: new kernel packages.
New packages are available:
  kernel-2.6.32.16-150.fc12

Fedora 13: new kernel packages.
New packages are available:
  kernel-2.6.33.6-147.2.4.fc13

Mandriva: new kernel packages.
New packages are available:
  kernel-2.6.33.7-1mnb2

openSUSE 11.2: new kernel packages.
New packages are available:
  kernel-*-2.6.31.14-0.1.1

openSUSE 11.3: new kernel packages.
New packages are available, as indicated in information sources.

RHEL 5: new kernel packages.
New packages are available:
  kernel-2.6.18-194.11.1.el5

SLE 11 SP1: new kernel packages.
New packages are available, as indicated in information sources.

VMware: corrected versions.
Following versions are corrected:
VMware vCenter Server 4.1 Update 1 and modules
  http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
  http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
VMware vCenter Server 4.0 Update 3
  http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
  http://www.vmware.com/support/vsphere4/doc/vsp_vc40_u3_rel_notes.html
ESXi 4.1 Installable Update 1
  http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
  http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html
  http://kb.vmware.com/kb/1027919
ESX 4.1 Update 1
  http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
  http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html
  http://kb.vmware.com/kb/1029353
ESXi 4.0
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-274-20110303-677367/ESXi400-201103001.zip
  http://kb.vmware.com/kb/1032823
ESX 4.0
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-273-20110303-574144/ESX400-201103001.zip
  http://kb.vmware.com/kb/1032822
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a computers vulnerabilities alert. The Vigil@nce vulnerability database contains several thousand vulnerabilities.