CVE-2010-3904

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-3904
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html Mailing List Third Party Advisory
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html Exploit Third Party Advisory VDB Entry
http://secunia.com/advisories/46397 Broken Link Third Party Advisory
http://securitytracker.com/id?1024613 Broken Link Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/362983 Third Party Advisory US Government Resource
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0792.html Broken Link Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0842.html Broken Link Third Party Advisory
http://www.securityfocus.com/archive/1/520102/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1000-1 Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0012.html Third Party Advisory
http://www.vsecurity.com/download/tools/linux-rds-exploit.c Broken Link
http://www.vsecurity.com/resources/advisory/20101019-1/ Broken Link
http://www.vupen.com/english/advisories/2011/0298 Broken Link Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=642896 Issue Tracking Patch Third Party Advisory
https://www.exploit-db.com/exploits/44677/ Exploit Third Party Advisory VDB Entry
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html Mailing List Third Party Advisory
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html Exploit Third Party Advisory VDB Entry
http://secunia.com/advisories/46397 Broken Link Third Party Advisory
http://securitytracker.com/id?1024613 Broken Link Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/362983 Third Party Advisory US Government Resource
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0792.html Broken Link Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0842.html Broken Link Third Party Advisory
http://www.securityfocus.com/archive/1/520102/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1000-1 Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0012.html Third Party Advisory
http://www.vsecurity.com/download/tools/linux-rds-exploit.c Broken Link
http://www.vsecurity.com/resources/advisory/20101019-1/ Broken Link
http://www.vupen.com/english/advisories/2011/0298 Broken Link Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=642896 Issue Tracking Patch Third Party Advisory
https://www.exploit-db.com/exploits/44677/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2010-12-06 20:13

Updated : 2025-04-11 00:51

NVD link : CVE-2010-3904

Mitre link : CVE-2010-3904

CVE.ORG link : CVE-2010-3904

JSON object : View

Products Affected

opensuse

  • opensuse

vmware

  • esxi

suse

  • linux_enterprise_desktop
  • linux_enterprise_server
  • linux_enterprise_real_time_extension

redhat

  • enterprise_linux

linux

  • linux_kernel

canonical

  • ubuntu_linux
CWE
CWE-1284

Improper Validation of Specified Quantity in Input