← Zuruck zu CVEs
CVE-2010-3904
HIGHCISA KEV7.8
Beschreibung
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
CVE Details
CVSS v3.1 Bewertung7.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht12/6/2010
Zuletzt geandert4/21/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerLinux
ProduktKernel
SchwachstellennameLinux Kernel Improper Input Validation Vulnerability
KEV Aufnahmedatum2023-05-12
Behebungsfrist2023-06-02
Ransomware-NutzungUnknown
Betroffene Produkte
canonical:ubuntu_linuxlinux:linux_kernelopensuse:opensuseredhat:enterprise_linuxsuse:linux_enterprise_desktopsuse:linux_enterprise_real_time_extensionsuse:linux_enterprise_servervmware:esxi
Schwachen (CWE)
CWE-1284
Referenzen
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f(security@ubuntu.com)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html(security@ubuntu.com)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html(security@ubuntu.com)
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html(security@ubuntu.com)
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html(security@ubuntu.com)
http://secunia.com/advisories/46397(security@ubuntu.com)
http://securitytracker.com/id?1024613(security@ubuntu.com)
http://www.kb.cert.org/vuls/id/362983(security@ubuntu.com)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36(security@ubuntu.com)
http://www.redhat.com/support/errata/RHSA-2010-0792.html(security@ubuntu.com)
http://www.redhat.com/support/errata/RHSA-2010-0842.html(security@ubuntu.com)
http://www.securityfocus.com/archive/1/520102/100/0/threaded(security@ubuntu.com)
http://www.ubuntu.com/usn/USN-1000-1(security@ubuntu.com)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html(security@ubuntu.com)
http://www.vsecurity.com/download/tools/linux-rds-exploit.c(security@ubuntu.com)
http://www.vsecurity.com/resources/advisory/20101019-1/(security@ubuntu.com)
http://www.vupen.com/english/advisories/2011/0298(security@ubuntu.com)
https://bugzilla.redhat.com/show_bug.cgi?id=642896(security@ubuntu.com)
https://www.exploit-db.com/exploits/44677/(security@ubuntu.com)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/46397(af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1024613(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/362983(af854a3a-2127-422b-91ae-364da2661108)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36(af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0792.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0842.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/520102/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1000-1(af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.vsecurity.com/download/tools/linux-rds-exploit.c(af854a3a-2127-422b-91ae-364da2661108)
http://www.vsecurity.com/resources/advisory/20101019-1/(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0298(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=642896(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44677/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3904(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.