Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 314693 (CVE-2010-1088)

Summary: Kernel: NFS symlinks issue (CVE-2010-1088)
Product: Gentoo Security Reporter: Tomás Touceda (RETIRED) <chiiph>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: hardened-kernel+disabled, kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/linus/ac278a9c505092dd82077a2446af8f9fc0d9c095
Whiteboard: [linux >= 2.6.18 < 2.6.34]
Package list:
Runtime testing required: ---

Description Tomás Touceda (RETIRED) gentoo-dev 2010-04-11 14:36:10 UTC 
CVE-2010-1088 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1088):
  fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always
  follow NFS automount "symlinks," which allows attackers to have an
  unknown impact, related to LOOKUP_FOLLOW.