CVE-2010-3904

HIGH KEV

Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation

Title source: metasploit

Description

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocallinux

https://www.exploit-db.com/exploits/44677

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Dan Rosenberg · clocallinux

https://www.exploit-db.com/exploits/15285

View Code ZIP pw:eip

nomisec WORKING POC

by redhatkaty · local

https://github.com/redhatkaty/-cve-2010-3904-report

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by Dan Rosenberg, bcoles · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/rds_rds_page_copy_user_priv_esc.rb

View Code ZIP pw:eip

References (20)

[Broken Link] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html

[Broken Link, Third Party Advisory] http://secunia.com/advisories/46397

[Broken Link, Third Party Advisory, VDB Entry] http://securitytracker.com/id?1024613

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/362983

[Broken Link] http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36

[Broken Link, Third Party Advisory] http://www.redhat.com/support/errata/RHSA-2010-0792.html

[Broken Link, Third Party Advisory] http://www.redhat.com/support/errata/RHSA-2010-0842.html

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/520102/100/0/threaded

[Third Party Advisory] http://www.ubuntu.com/usn/USN-1000-1

[Third Party Advisory] http://www.vmware.com/security/advisories/VMSA-2011-0012.html

[Broken Link] http://www.vsecurity.com/download/tools/linux-rds-exploit.c

[Broken Link] http://www.vsecurity.com/resources/advisory/20101019-1/

[Broken Link, Third Party Advisory] http://www.vupen.com/english/advisories/2011/0298

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=642896

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44677/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3904

Scores

CVSS v3 7.8

EPSS 0.0145

EPSS Percentile 80.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-05-12

VulnCheck KEV 2023-05-12

InTheWild.io 2023-05-12

ENISA EUVD EUVD-2010-3882

CWE

CWE-1284

Status published

Products (18)

canonical/ubuntu_linux 6.06

canonical/ubuntu_linux 8.04

canonical/ubuntu_linux 9.04

canonical/ubuntu_linux 9.10

canonical/ubuntu_linux 10.04

canonical/ubuntu_linux 10.10

linux/linux_kernel < 2.6.36

opensuse/opensuse 11.2

opensuse/opensuse 11.3

redhat/enterprise_linux 5.0

... and 8 more

Published Dec 06, 2010

KEV Added May 12, 2023

Tracked Since Feb 18, 2026