CVE-2010-3904
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.kb.cert.org/vuls/id/362983
- http://www.vsecurity.com/download/tools/linux-rds-exploit.c
- http://www.ubuntu.com/usn/USN-1000-1
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- http://secunia.com/advisories/46397
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f
- https://www.exploit-db.com/exploits/44677/
- http://securitytracker.com/id?1024613
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
- http://www.redhat.com/support/errata/RHSA-2010-0842.html
- http://www.vupen.com/english/advisories/2011/0298
- https://bugzilla.redhat.com/show_bug.cgi?id=642896
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
- http://www.vsecurity.com/resources/advisory/20101019-1/
- http://www.redhat.com/support/errata/RHSA-2010-0792.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html
- http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- http://www.kb.cert.org/vuls/id/362983
- http://www.vsecurity.com/download/tools/linux-rds-exploit.c
- http://www.ubuntu.com/usn/USN-1000-1
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- http://secunia.com/advisories/46397
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f
- https://www.exploit-db.com/exploits/44677/
- http://securitytracker.com/id?1024613
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
- http://www.redhat.com/support/errata/RHSA-2010-0842.html
- http://www.vupen.com/english/advisories/2011/0298
- https://bugzilla.redhat.com/show_bug.cgi?id=642896
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
- http://www.vsecurity.com/resources/advisory/20101019-1/
- http://www.redhat.com/support/errata/RHSA-2010-0792.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html
- http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.