CVE-2010-3904

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
http://secunia.com/advisories/46397	Broken Link Third Party Advisory
http://securitytracker.com/id?1024613	Broken Link Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/362983	Third Party Advisory US Government Resource
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36	Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0792.html	Broken Link Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0842.html	Broken Link Third Party Advisory
http://www.securityfocus.com/archive/1/520102/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1000-1	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0012.html	Third Party Advisory
http://www.vsecurity.com/download/tools/linux-rds-exploit.c	Broken Link
http://www.vsecurity.com/resources/advisory/20101019-1/	Broken Link
http://www.vupen.com/english/advisories/2011/0298	Broken Link Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=642896	Issue Tracking Patch Third Party Advisory
https://www.exploit-db.com/exploits/44677/	Exploit Third Party Advisory VDB Entry
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
http://secunia.com/advisories/46397	Broken Link Third Party Advisory
http://securitytracker.com/id?1024613	Broken Link Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/362983	Third Party Advisory US Government Resource
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36	Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0792.html	Broken Link Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0842.html	Broken Link Third Party Advisory
http://www.securityfocus.com/archive/1/520102/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1000-1	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0012.html	Third Party Advisory
http://www.vsecurity.com/download/tools/linux-rds-exploit.c	Broken Link
http://www.vsecurity.com/resources/advisory/20101019-1/	Broken Link
http://www.vupen.com/english/advisories/2011/0298	Broken Link Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=642896	Issue Tracking Patch Third Party Advisory
https://www.exploit-db.com/exploits/44677/	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:vmware:esxi:3.5:::::::*
	cpe:2.3:o:vmware:esxi:4.0:::::::*
	cpe:2.3:o:vmware:esxi:4.1:::::::*
	cpe:2.3:o:vmware:esxi:5.0:::::::*

History

21 Nov 2024, 01:19

27 Jun 2024, 19:23

Type	Values Removed	Values Added
CWE	~~CWE-20~~	CWE-1284
CPE		cpe:2.3:o:vmware:esxi:4.1:::::::* cpe:2.3:o:redhat:enterprise_linux:6.0:::::::* cpe:2.3:o:vmware:esxi:3.5:::::::* cpe:2.3:o:vmware:esxi:4.0:::::::* cpe:2.3:o:vmware:esxi:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
CVSS	v2 : ~~7.2~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 7.8
First Time		Vmware Vmware esxi Redhat Redhat enterprise Linux
References	~~() http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f -~~	() http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f - Broken Link
References	~~() http://secunia.com/advisories/46397 - Third Party Advisory~~	() http://secunia.com/advisories/46397 - Broken Link, Third Party Advisory
References	~~() http://securitytracker.com/id?1024613 - Third Party Advisory, VDB Entry~~	() http://securitytracker.com/id?1024613 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.redhat.com/support/errata/RHSA-2010-0792.html - Third Party Advisory~~	() http://www.redhat.com/support/errata/RHSA-2010-0792.html - Broken Link, Third Party Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2010-0842.html - Third Party Advisory~~	() http://www.redhat.com/support/errata/RHSA-2010-0842.html - Broken Link, Third Party Advisory
References	~~() http://www.securityfocus.com/archive/1/520102/100/0/threaded - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/archive/1/520102/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.vupen.com/english/advisories/2011/0298 - Third Party Advisory~~	() http://www.vupen.com/english/advisories/2011/0298 - Broken Link, Third Party Advisory

Information

Published : 2010-12-06 20:13

Updated : 2025-04-11 00:51

NVD link : CVE-2010-3904

Mitre link : CVE-2010-3904

CVE.ORG link : CVE-2010-3904

JSON object : View

Products Affected

redhat

enterprise_linux

suse

linux_enterprise_desktop
linux_enterprise_server
linux_enterprise_real_time_extension

opensuse

opensuse

linux

linux_kernel

canonical

ubuntu_linux

vmware

esxi

CWE

CWE-1284

Improper Validation of Specified Quantity in Input

7.8 /10