CVE-2010-3904 - Vulnerability Details

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is in the KEV database since May 12, 2023.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Canonical	Ubuntu Linux
Linux	Linux Kernel
Opensuse	Opensuse
Redhat	Enterprise Linux
Suse	Linux Enterprise Desktop Linux Enterprise Real Time Extension Linux Enterprise Server
Vmware	Esxi

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:vmware:esxi:3.5:::::::*
	cpe:2.3:o:vmware:esxi:4.0:::::::*
	cpe:2.3:o:vmware:esxi:4.1:::::::*
	cpe:2.3:o:vmware:esxi:5.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
kernel-0:2.6.18-194.17.4.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2010:0792	2010-10-25T00:00:00Z
Red Hat Enterprise Linux 6
kernel-0:2.6.32-71.7.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2010:0842	2010-11-10T00:00:00Z

References

Link	Providers
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html
http://secunia.com/advisories/46397
http://securitytracker.com/id?1024613
http://www.kb.cert.org/vuls/id/362983
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
http://www.redhat.com/support/errata/RHSA-2010-0792.html
http://www.redhat.com/support/errata/RHSA-2010-0842.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.ubuntu.com/usn/USN-1000-1
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.vsecurity.com/download/tools/linux-rds-exploit.c
http://www.vsecurity.com/resources/advisory/20101019-1/
http://www.vupen.com/english/advisories/2011/0298
https://bugzilla.redhat.com/show_bug.cgi?id=642896
https://nvd.nist.gov/vuln/detail/CVE-2010-3904
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2010-3904
https://www.exploit-db.com/exploits/44677/

History

Fri, 07 Feb 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2023-05-12'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 13 Aug 2024 23:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2010-12-06T20:00:00.000Z

Updated: 2025-02-07T12:37:13.162Z

Reserved: 2010-10-12T00:00:00.000Z

Link: CVE-2010-3904

Vulnrichment

Updated: 2024-08-07T03:26:12.057Z

NVD

Status : Deferred

Published: 2010-12-06T20:13:00.513

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-3904

Redhat

Severity : Important

Publid Date: 2010-10-19T00:00:00Z

Links: CVE-2010-3904 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-10-19T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-23T22:06:04.000Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "VU#362983", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/362983"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vsecurity.com/download/tools/linux-rds-exploit.c"}, {"name": "USN-1000-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"name": "46397", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46397"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f"}, {"name": "44677", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44677/"}, {"name": "1024613", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1024613"}, {"name": "SUSE-SA:2011:007", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"name": "RHSA-2010:0842", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"}, {"name": "ADV-2011-0298", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642896"}, {"name": "SUSE-SA:2010:057", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vsecurity.com/resources/advisory/20101019-1/"}, {"name": "RHSA-2010:0792", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0792.html"}, {"name": "SUSE-SA:2010:053", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2010-3904", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#362983", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/362983"}, {"name": "http://www.vsecurity.com/download/tools/linux-rds-exploit.c", "refsource": "MISC", "url": "http://www.vsecurity.com/download/tools/linux-rds-exploit.c"}, {"name": "USN-1000-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"name": "46397", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46397"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=799c10559d60f159ab2232203f222f18fa3c4a5f", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=799c10559d60f159ab2232203f222f18fa3c4a5f"}, {"name": "44677", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44677/"}, {"name": "1024613", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024613"}, {"name": "SUSE-SA:2011:007", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"name": "RHSA-2010:0842", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"}, {"name": "ADV-2011-0298", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=642896", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642896"}, {"name": "SUSE-SA:2010:057", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36"}, {"name": "http://www.vsecurity.com/resources/advisory/20101019-1/", "refsource": "MISC", "url": "http://www.vsecurity.com/resources/advisory/20101019-1/"}, {"name": "RHSA-2010:0792", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0792.html"}, {"name": "SUSE-SA:2010:053", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html"}, {"name": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:26:12.057Z"}, "title": "CVE Program Container", "references": [{"name": "VU#362983", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/362983"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.vsecurity.com/download/tools/linux-rds-exploit.c"}, {"name": "USN-1000-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"name": "46397", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46397"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f"}, {"name": "44677", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/44677/"}, {"name": "1024613", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1024613"}, {"name": "SUSE-SA:2011:007", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"name": "RHSA-2010:0842", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"}, {"name": "ADV-2011-0298", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642896"}, {"name": "SUSE-SA:2010:057", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.vsecurity.com/resources/advisory/20101019-1/"}, {"name": "RHSA-2010:0792", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0792.html"}, {"name": "SUSE-SA:2010:053", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2010-3904", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T12:31:23.893469Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-05-12", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-3904"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T12:37:13.162Z"}}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2010-3904", "datePublished": "2010-12-06T20:00:00.000Z", "dateReserved": "2010-10-12T00:00:00.000Z", "dateUpdated": "2025-02-07T12:37:13.162Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.kb.cert.org/vuls/id/362983", "name": "VU#362983", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"]}, {"url": "http://www.vsecurity.com/download/tools/linux-rds-exploit.c", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-1000-1", "name": "USN-1000-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded", "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "http://secunia.com/advisories/46397", "name": "46397", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/44677/", "name": "44677", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://securitytracker.com/id?1024613", "name": "1024613", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html", "name": "SUSE-SA:2011:007", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html", "name": "RHSA-2010:0842", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.vupen.com/english/advisories/2011/0298", "name": "ADV-2011-0298", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642896", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html", "name": "SUSE-SA:2010:057", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.vsecurity.com/resources/advisory/20101019-1/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0792.html", "name": "RHSA-2010:0792", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html", "name": "SUSE-SA:2010:053", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:26:12.057Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2010-3904", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T12:31:23.893469Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-05-12", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-3904"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T12:30:59.707Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-10-19T00:00:00.000Z", "references": [{"url": "http://www.kb.cert.org/vuls/id/362983", "name": "VU#362983", "tags": ["third-party-advisory", "x_refsource_CERT-VN"]}, {"url": "http://www.vsecurity.com/download/tools/linux-rds-exploit.c", "tags": ["x_refsource_MISC"]}, {"url": "http://www.ubuntu.com/usn/USN-1000-1", "name": "USN-1000-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded", "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "http://secunia.com/advisories/46397", "name": "46397", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://www.exploit-db.com/exploits/44677/", "name": "44677", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://securitytracker.com/id?1024613", "name": "1024613", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html", "name": "SUSE-SA:2011:007", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html", "name": "RHSA-2010:0842", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.vupen.com/english/advisories/2011/0298", "name": "ADV-2011-0298", "tags": ["vdb-entry", "x_refsource_VUPEN"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642896", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html", "name": "SUSE-SA:2010:057", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.vsecurity.com/resources/advisory/20101019-1/", "tags": ["x_refsource_MISC"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0792.html", "name": "RHSA-2010:0792", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html", "name": "SUSE-SA:2010:053", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2019-12-23T22:06:04.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kb.cert.org/vuls/id/362983", "name": "VU#362983", "refsource": "CERT-VN"}, {"url": "http://www.vsecurity.com/download/tools/linux-rds-exploit.c", "name": "http://www.vsecurity.com/download/tools/linux-rds-exploit.c", "refsource": "MISC"}, {"url": "http://www.ubuntu.com/usn/USN-1000-1", "name": "USN-1000-1", "refsource": "UBUNTU"}, {"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded", "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "refsource": "BUGTRAQ"}, {"url": "http://secunia.com/advisories/46397", "name": "46397", "refsource": "SECUNIA"}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=799c10559d60f159ab2232203f222f18fa3c4a5f", "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=799c10559d60f159ab2232203f222f18fa3c4a5f", "refsource": "CONFIRM"}, {"url": "https://www.exploit-db.com/exploits/44677/", "name": "44677", "refsource": "EXPLOIT-DB"}, {"url": "http://securitytracker.com/id?1024613", "name": "1024613", "refsource": "SECTRACK"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html", "name": "SUSE-SA:2011:007", "refsource": "SUSE"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html", "name": "RHSA-2010:0842", "refsource": "REDHAT"}, {"url": "http://www.vupen.com/english/advisories/2011/0298", "name": "ADV-2011-0298", "refsource": "VUPEN"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642896", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=642896", "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html", "name": "SUSE-SA:2010:057", "refsource": "SUSE"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", "refsource": "CONFIRM"}, {"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36", "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36", "refsource": "CONFIRM"}, {"url": "http://www.vsecurity.com/resources/advisory/20101019-1/", "name": "http://www.vsecurity.com/resources/advisory/20101019-1/", "refsource": "MISC"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0792.html", "name": "RHSA-2010:0792", "refsource": "REDHAT"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html", "name": "SUSE-SA:2010:053", "refsource": "SUSE"}, {"url": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html", "name": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-3904", "STATE": "PUBLIC", "ASSIGNER": "security@ubuntu.com"}}}}, "cveMetadata": {"cveId": "CVE-2010-3904", "state": "PUBLISHED", "dateUpdated": "2025-02-07T12:37:13.162Z", "dateReserved": "2010-10-12T00:00:00.000Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2010-12-06T20:00:00.000Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"cisaActionDue": "2023-06-02", "cisaExploitAdd": "2023-05-12", "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.", "cisaVulnerabilityName": "Linux Kernel Improper Input Validation Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8DCE5E2-B055-4F05-8F0F-F19D1B7BA8D7", "versionEndExcluding": "2.6.36", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "640FB29C-1A84-41E1-86DE-B542EA0EF153", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "FAE88D8C-9CC3-46D1-9F26-290BC679F47E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "13771B15-CD71-472A-BE56-718B87D5825D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4BDE707D-A1F4-4829-843E-F6633BB84D6D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2331236-2E9B-4B52-81EE-B52DEB41ACE5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls."}, {"lang": "es", "value": "La funci\u00f3n rds_page_copy_user de net/rds/page.c en la implementaci\u00f3n del protocolo \"Reliable Datagram Sockets\" (RDS) del kernel de Linux en versiones anteriores a la 2.6.36 no valida apropiadamente las direcciones obtenidas del espacio de usuario, lo que permite a usuarios locales escalar privilegios a trav\u00e9s de un uso manipulado de las llamadas del sistema sendmsg y recvmsg."}], "id": "CVE-2010-3904", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2010-12-06T20:13:00.513", "references": [{"source": "security@ubuntu.com", "tags": ["Broken Link"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html"}, {"source": "security@ubuntu.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://secunia.com/advisories/46397"}, {"source": "security@ubuntu.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1024613"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/362983"}, {"source": "security@ubuntu.com", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36"}, {"source": "security@ubuntu.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0792.html"}, {"source": "security@ubuntu.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"}, {"source": "security@ubuntu.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"source": "security@ubuntu.com", "tags": ["Broken Link"], "url": "http://www.vsecurity.com/download/tools/linux-rds-exploit.c"}, {"source": "security@ubuntu.com", "tags": ["Broken Link"], "url": "http://www.vsecurity.com/resources/advisory/20101019-1/"}, {"source": "security@ubuntu.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642896"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44677/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://secunia.com/advisories/46397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1024613"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/362983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0792.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vsecurity.com/download/tools/linux-rds-exploit.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vsecurity.com/resources/advisory/20101019-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642896"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44677/"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Dan Rosenberg (Virtual Security Research) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2010:0792", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-194.17.4.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2010-10-25T00:00:00Z"}, {"advisory": "RHSA-2010:0842", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-71.7.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2010-11-10T00:00:00Z"}], "bugzilla": {"description": "kernel: RDS sockets local privilege escalation", "id": "642896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642896"}, "csaw": false, "cvss": {"cvss_base_score": "7.2", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-119", "details": ["The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls."], "mitigation": {"lang": "en:us", "value": "For users that do not run applications that use RDS, you can prevent the rds module from being loaded by adding the following entry to the end of the /etc/modprobe.d/blacklist file:\nblacklist rds\nThis way, the rds module cannot be loaded accidentally, which may occur if an application that requires RDS is started. A reboot is not necessary for this change to take effect but do make sure the module is not loaded in the first place. You can verify that by running:\nlsmod | grep rds\nYou may also consider removing the CAP_SYS_MODULE capability from the current global capability set to prevent kernel modules from being loaded or unloaded. The CAP_SYS_MODULE has a capability number of 16 (see linux/capability.h). The default value has all the bits set. To remove this capability, you have to clear the 16th bit of the default 32-bit value, e.g. 0xffffff ^ (1 << 16):\necho 0xFFFEFFFF > /proc/sys/kernel/cap-bound"}, "name": "CVE-2010-3904", "public_date": "2010-10-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-3904\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-3904\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG did not include support for the RDS Protocol, and therefore are not affected by this issue. Updates for Red Hat Enterprise Linux 5 and 6 are available to address this flaw.", "threat_severity": "Important"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object