CVE-2010-3904
HIGH
7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
7,2
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0139
Percentile
0,8th
Updated
EPSS Score Trend (Last 90 Days)
1284
Improper Validation of Specified Quantity in Input
IncompleteCommon Consequences
Security Scopes Affected:
Other
Integrity
Availability
Potential Impacts:
Varies By Context
Dos: Resource Consumption (Cpu)
Modify Memory
Read Memory
Applicable Platforms
All platforms may be affected
Exploit
Linux Kernel 2.6.36-rc8 - 'RDS Protocol' Local Privilege …
VerifiedLinux Kernel 2.6.36-rc8 - 'RDS Protocol' Local Privilege Escalation
View Exploit Code →
Exploit
Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets …
Verified LocalLinux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit)
View Exploit Code →
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Esxi by Vmware
CPE Identifier
View Detailed Analysis
cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Enterprise Linux by Redhat
CPE Identifier
View Detailed Analysis
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Enterprise Linux by Redhat
CPE Identifier
View Detailed Analysis
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Esxi by Vmware
CPE Identifier
View Detailed Analysis
cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Opensuse by Opensuse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Enterprise Desktop by Suse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Enterprise Real Time Extension by Suse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Opensuse by Opensuse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
To
2.6.36
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Esxi by Vmware
CPE Identifier
View Detailed Analysis
cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Enterprise Server by Suse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Esxi by Vmware
CPE Identifier
View Detailed Analysis
cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010…
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh…
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_…
https://bugzilla.redhat.com/show_bug.cgi?id=642896
http://secunia.com/advisories/46397
http://securitytracker.com/id?1024613
https://www.exploit-db.com/exploits/44677/
http://www.kb.cert.org/vuls/id/362983
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
http://www.redhat.com/support/errata/RHSA-2010-0792.html
http://www.redhat.com/support/errata/RHSA-2010-0842.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.ubuntu.com/usn/USN-1000-1
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.vsecurity.com/download/tools/linux-rds-exploit.c
http://www.vsecurity.com/resources/advisory/20101019-1/
http://www.vupen.com/english/advisories/2011/0298
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh…
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_…
https://bugzilla.redhat.com/show_bug.cgi?id=642896
http://secunia.com/advisories/46397
http://securitytracker.com/id?1024613
https://www.exploit-db.com/exploits/44677/
http://www.kb.cert.org/vuls/id/362983
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
http://www.redhat.com/support/errata/RHSA-2010-0792.html
http://www.redhat.com/support/errata/RHSA-2010-0842.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.ubuntu.com/usn/USN-1000-1
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.vsecurity.com/download/tools/linux-rds-exploit.c
http://www.vsecurity.com/resources/advisory/20101019-1/
http://www.vupen.com/english/advisories/2011/0298