Vulnerability Details: CVE-2010-3904
Public exploit exists!
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Vulnerability category: Input validation
Threat overview for CVE-2010-3904
Top open port discovered on systems with this issue: 49153
IPs affected by CVE-2010-3904: 23,004
Threat actors abusing this issue? Yes
CVE-2010-3904 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Linux Kernel Improper Input Validation Vulnerability
CISA required action: The impacted product is end-of-life and should be disconnected if still in use.
CISA description: Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Notes: https://lkml.iu.edu/hypermail/linux/kernel/1601.3/06474.html
Added on: 2023-05-12
Action due date: 2023-06-02
Exploit prediction scoring system (EPSS) score for CVE-2010-3904
Probability of exploitation activity in the next 30 days: 0.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 37 %
Metasploit modules for CVE-2010-3904
- Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
  Disclosure Date: 2010-10-20
  First seen: 2020-04-26
  exploit/linux/local/rds_rds_page_copy_user_priv_esc
  This module exploits a vulnerability in the `rds_page_copy_user` function in `net/rds/page.c` (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on: Fedora 13 (i686) kernel v
CVSS scores for CVE-2010-3904
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
CWE ids for CVE-2010-3904
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3904
- http://www.kb.cert.org/vuls/id/362983
  VU#362983 - Linux kernel RDS protocol vulnerability
  Tags: Third Party Advisory; US Government Resource
- http://www.ubuntu.com/usn/USN-1000-1
  USN-1000-1: Linux kernel vulnerabilities | Ubuntu security notices
  Tags: Third Party Advisory
- http://www.vsecurity.com/download/tools/linux-rds-exploit.c
  VSR | 404 Not Found
  Tags: Broken Link
- http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html
  vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation ≈ Packet Storm
  Tags: Exploit; Third Party Advisory; VDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html
  [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20
  Tags: Mailing List; Third Party Advisory
- http://securitytracker.com/id?1024613
  Linux Kernel RDS Protocol Bug Lets Local Users Gain Elevated Privileges - SecurityTracker
  Tags: Third Party Advisory; VDB Entry
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
  404: File not found
  Tags: Broken Link
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
  [security-announce] SUSE Security Announcement: Realtime Linux Kernel (S
  Tags: Mailing List; Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=642896
  642896 – (CVE-2010-3904) CVE-2010-3904 kernel: RDS sockets local privilege escalation
  Tags: Issue Tracking; Patch; Third Party Advisory
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=799c10559d60f159ab2232203f222f18fa3c4a5f
  kernel/git/torvalds/linux.git - Linux kernel source tree
  Tags: Patch; Vendor Advisory
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
  SecurityFocus
  Tags: Third Party Advisory; VDB Entry
- https://www.exploit-db.com/exploits/44677/
  Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit) - Linux local Exploit
  Tags: Exploit; Third Party Advisory; VDB Entry
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
  VMSA-2011-0012.3
  Tags: Third Party Advisory
- http://www.vsecurity.com/resources/advisory/20101019-1/
  VSR | 404 Not Found
  Tags: Broken Link
- http://www.redhat.com/support/errata/RHSA-2010-0792.html
  Support
  Tags: Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2010-0842.html
  Support
  Tags: Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html
  [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20
  Tags: Mailing List; Third Party Advisory
- http://www.vupen.com/english/advisories/2011/0298
  Webmail | OVH- OVH
  Tags: Third Party Advisory
Products affected by CVE-2010-3904
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*