CVE-2010-3904
HIGH | CISA KEV | 7.8
Description
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
CVE Details
CVSS v3.1 score: 7.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 12/6/2010
Last modified: 4/21/2026
Source: kev
Honeypot observations: 0
CISA KEV
Vendor: Linux
Product: Kernel
Vulnerability name: Linux Kernel Improper Input Validation Vulnerability
Date added to KEV: 2023-05-12
Remediation due date: 2023-06-02
Used in ransomware: Unknown
Affected products
canonical:ubuntu_linux
linux:linux_kernel
opensuse:opensuse
redhat:enterprise_linux
suse:linux_enterprise_desktop
suse:linux_enterprise_real_time_extension
suse:linux_enterprise_server
vmware:esxi
Weaknesses (CWE)
CWE-1284
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f (security@ubuntu.com)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html (security@ubuntu.com)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html (security@ubuntu.com)
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html (security@ubuntu.com)
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html (security@ubuntu.com)
http://secunia.com/advisories/46397 (security@ubuntu.com)
http://securitytracker.com/id?1024613 (security@ubuntu.com)
http://www.kb.cert.org/vuls/id/362983 (security@ubuntu.com)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 (security@ubuntu.com)
http://www.redhat.com/support/errata/RHSA-2010-0792.html (security@ubuntu.com)
http://www.redhat.com/support/errata/RHSA-2010-0842.html (security@ubuntu.com)
http://www.securityfocus.com/archive/1/520102/100/0/threaded (security@ubuntu.com)
http://www.ubuntu.com/usn/USN-1000-1 (security@ubuntu.com)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (security@ubuntu.com)
http://www.vsecurity.com/download/tools/linux-rds-exploit.c (security@ubuntu.com)
http://www.vsecurity.com/resources/advisory/20101019-1/ (security@ubuntu.com)
http://www.vupen.com/english/advisories/2011/0298 (security@ubuntu.com)
https://bugzilla.redhat.com/show_bug.cgi?id=642896 (security@ubuntu.com)
https://www.exploit-db.com/exploits/44677/ (security@ubuntu.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3904 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlation recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.