[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-3904Date: (C)2010-12-06   (M)2024-02-22


The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1024613
http://www.securityfocus.com/archive/1/520102/100/0/threaded
EXPLOIT-DB-44677
SECUNIA-46397
ADV-2011-0298
RHSA-2010:0792
RHSA-2010:0842
SUSE-SA:2010:053
SUSE-SA:2010:057
SUSE-SA:2011:007
USN-1000-1
VU#362983
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.vsecurity.com/download/tools/linux-rds-exploit.c
http://www.vsecurity.com/resources/advisory/20101019-1/
https://bugzilla.redhat.com/show_bug.cgi?id=642896

CPE    7
cpe:/o:opensuse:opensuse:11.3
cpe:/o:opensuse:opensuse:11.2
cpe:/o:canonical:ubuntu_linux:9.04
cpe:/o:canonical:ubuntu_linux:10.10
...
CWE    1
CWE-20
OVAL    23
oval:org.secpod.oval:def:700243
oval:org.secpod.oval:def:500395
oval:org.secpod.oval:def:102701
oval:org.secpod.oval:def:102647
...

© SecPod Technologies