Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:362983
HistoryOct 25, 2010 - 12:00 a.m.

Linux kernel RDS protocol vulnerability

2010-10-2500:00:00
www.kb.cert.org
97

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

37.2%

JSON

Overview

The RDS protocol implementation of Linux kernels 2.6.30 through 2.6.38-rc8 contain a local privilege escalation vulnerability.

Description

Kernel functions fail to properly check if a user supplied address exists in the user segment of memory. By providing a kernel address to a socket call an unprivileged user can execute arbitrary code as root. Additional details can be found in the VSR Security Advisory.

Impact

An unprivileged local attacker can escalate their privileges to root.

Solution

Apply an update for the specific Linux distribution used.

If the RDS protocol is not needed, it can be disabled with the following command run as root.

echo "alias net-pf-21 off" > /etc/modprobe.d/disable-rds``

Vendor Information

362983

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Debian GNU/Linux Affected

Updated: October 25, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux Affected

Updated: October 25, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc. Affected

Updated: October 25, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc. Affected

Updated: October 25, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu Affected

Updated: October 25, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

<http://www.vsecurity.com/resources/advisory/20101019-1/&gt;

Acknowledgements

Thanks to Dan Rosenberg of Virtual Security Research for researching and publishing the details of this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2010-3904
Severity Metric: 20.84 Date Public:

Related

prion 1
altlinux 1
nessus 19
oraclelinux 6
openvas 46
seebug 3
canvas 1
securityvulns 3
packetstorm 2
zdt 3
ubuntucve 1
redhat 2
metasploit 2
cve 1
centos 1
attackerkb 1
exploitpack 1
veracode 1
cisa_kev 1
exploitdb 2
suse 3
thn 2
fedora 14
ubuntu 6
vmware 2
prion
prion
Design/Logic Flaw
2010-12-06 20:13:00
altlinux
altlinux
Security fix for the ALT Linux 6 package kernel-image-hpc-skif version 2.6.32-alt24
2010-10-20 00:00:00
nessus
nessus
RHEL 5 : kernel (RHSA-2010:0792)
2010-10-26 00:00:00
Scientific Linux Security Update : kernel on SL5.x i386/x86_64
2012-08-01 00:00:00
CentOS 5 : kernel (CESA-2010:0792)
2010-11-24 00:00:00
oraclelinux
oraclelinux
kernel security update
2010-10-22 00:00:00
kernel security update
2010-10-27 00:00:00
Oracle Linux 5 Unbreakable Enterprise kernel security fix update
2010-10-22 00:00:00
openvas
openvas
RedHat Update for kernel RHSA-2010:0792-01
2010-11-04 00:00:00
Oracle Linux Local Check: ELSA-2010-0792
2015-10-06 00:00:00
CentOS Update for kernel CESA-2010:0792 centos5 i386
2011-08-09 00:00:00
seebug
seebug
Linux Kernel <= 2.6.36-rc8 - RDS Protocol Local Privilege Escalation
2014-07-01 00:00:00
Linux RDS Protocol Local Privilege Escalation
2010-10-26 00:00:00
Linux Kernel RDS协议本地权限提升漏洞
2010-10-26 00:00:00
canvas
canvas
Immunity Canvas: LINUX_RDS
2010-12-06 20:13:00
securityvulns
securityvulns
VSR Advisories: Linux RDS Protocol Local Privilege Escalation
2010-10-24 00:00:00
Linux kernel RDS protocol privilege escalation
2010-10-24 00:00:00
NGS000267 Technical Advisory: Symantec Messaging Gateway SSH with backdoor user account plus privilege escalation to root due to very old Kernel
2012-12-02 00:00:00
packetstorm
packetstorm
Reliable Datagram Sockets (RDS) Privilege Escalation
2018-05-19 00:00:00
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
2019-12-23 00:00:00
zdt
zdt
Reliable Datagram Sockets (RDS) Privilege Escalation Exploit
2018-05-19 00:00:00
Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation Exploit
2018-05-21 00:00:00
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation Exploit
2019-12-24 00:00:00
ubuntucve
ubuntucve
CVE-2010-3904
2010-10-19 00:00:00
redhat
redhat
(RHSA-2010:0792) Important: kernel security update
2010-10-25 00:00:00
(RHSA-2010:0842) Important: kernel security and bug fix update
2010-11-10 00:00:00
metasploit
metasploit
Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
2019-12-18 20:05:19
Reliable Datagram Sockets (RDS) Privilege Escalation
2018-05-03 12:51:21
cve
cve
CVE-2010-3904
2010-12-06 20:13:00
centos
centos
kernel security update
2010-10-26 06:38:54
attackerkb
attackerkb
CVE-2010-3904
2010-12-06 00:00:00
exploitpack
exploitpack
Linux Kernel 2.6.36-rc8 - RDS Protocol Local Privilege Escalation
2010-10-19 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:50:15
cisa_kev
cisa_kev
Linux Kernel Improper Input Validation Vulnerability
2023-05-12 00:00:00
exploitdb
exploitdb
Linux Kernel 2.6.36-rc8 - &#039;RDS Protocol&#039; Local Privilege Escalation
2010-10-19 00:00:00
Linux 2.6.30 &lt; 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit)
2018-05-21 00:00:00
suse
suse
local privilege escalation in kernel
2010-10-28 16:14:32
local privilege escalation in kernel
2010-11-11 15:47:32
remote denial of service, local privilege in kernel-rt
2011-02-07 11:58:56
thn
thn
Two Linux vulnerabilities to get root access
2010-10-30 07:21:00
Warning: Samsung Devices Under Attack! New Security Flaw Exposed
2023-05-20 04:15:00
fedora
fedora
[SECURITY] Fedora 14 Update: kernel-2.6.35.6-48.fc14
2010-10-28 06:10:03
[SECURITY] Fedora 14 Update: kernel-2.6.35.9-64.fc14
2010-12-05 00:42:46
[SECURITY] Fedora 14 Update: kernel-2.6.35.13-92.fc14
2011-06-11 04:22:38
ubuntu
ubuntu
Linux kernel vulnerabilities
2010-10-19 00:00:00
Linux kernel (OMAP4) vulnerabilities
2011-04-20 00:00:00
Linux kernel vulnerabilities
2011-02-28 00:00:00
vmware
vmware
VMware ESXi and ESX updates to third party libraries and ESX Service Console
2011-10-12 00:00:00
VMware ESX third party updates for Service Console packages glibc and dhcp
2011-10-12 00:00:00

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

37.2%

JSON
Related for VU:362983
prion1altlinux1nessus19oraclelinux6openvas46seebug3canvas1securityvulns3packetstorm2zdt3ubuntucve1redhat2metasploit2cve1centos1attackerkb1exploitpack1veracode1cisa_kev1exploitdb2suse3thn2fedora14ubuntu6vmware2