CVE-2010-3904

CVSS V2 High 7.2 CVSS V3 None
Description
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Overview
  • CVE ID
  • CVE-2010-3904
  • Assigner
  • security@ubuntu.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2010-12-06T20:13:00
  • Last Modified Date
  • 2020-08-14T15:24:38
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 1 OR 2.6.36
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.2
  • Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=799c10559d60f159ab2232203f222f18fa3c4a5f Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/362983 Third Party Advisory US Government Resource
http://www.vsecurity.com/resources/advisory/20101019-1/ Broken Link
http://securitytracker.com/id?1024613 Third Party Advisory VDB Entry
http://www.vsecurity.com/download/tools/linux-rds-exploit.c Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=642896 Issue Tracking Patch Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 Broken Link
http://www.ubuntu.com/usn/USN-1000-1 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0842.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0792.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html Mailing List Third Party Advisory
http://www.vupen.com/english/advisories/2011/0298 Third Party Advisory
http://secunia.com/advisories/46397 Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0012.html Third Party Advisory
https://www.exploit-db.com/exploits/44677/ Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/520102/100/0/threaded Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html Exploit Third Party Advisory VDB Entry
History
Created Old Value New Value Data Type Notes
2022-05-10 17:21:39 Added to TrackCVE