Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-xcnp-gudk-3fec

Summary kernel: RDS sockets local privilege escalation

Aliases

alias	CVE-2010-3904

Fixed_packages

Affected_packages

url pkg:rpm/redhat/kernel@2.6.18-194.17.4?arch=el5

purl pkg:rpm/redhat/kernel@2.6.18-194.17.4?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xcnp-gudk-3fec

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kernel@2.6.18-194.17.4%3Farch=el5

url pkg:rpm/redhat/kernel@2.6.32-71.7.1?arch=el6

purl pkg:rpm/redhat/kernel@2.6.32-71.7.1?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-229q-sxf7-8bgu

vulnerability	VCID-3vwf-bjs1-6bg9

vulnerability	VCID-4k1s-fghb-p3bb

vulnerability	VCID-5dmd-zwje-pqek

vulnerability	VCID-8fkd-5ked-xyes

vulnerability	VCID-fjh9-4gn3-6feg

vulnerability	VCID-nftw-r2j9-y7cp

vulnerability	VCID-pmch-au5t-2fh5

vulnerability	VCID-qnqy-k1r2-ckf5

vulnerability	VCID-ux7d-jpk1-7ubt

vulnerability	VCID-vwj3-5b6z-17b1

vulnerability	VCID-xcnp-gudk-3fec

vulnerability	VCID-xps7-6pp7-a3b6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kernel@2.6.32-71.7.1%3Farch=el6

References

reference_url

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f

reference_url

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

reference_url

http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3904.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3904.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-3904

reference_id

reference_type

scores

value	0.01254
scoring_system	epss
scoring_elements	0.79395
published_at	2026-04-21T12:55:00Z

value	0.01254
scoring_system	epss
scoring_elements	0.79392
published_at	2026-04-18T12:55:00Z

value	0.01447
scoring_system	epss
scoring_elements	0.80818
published_at	2026-04-26T12:55:00Z

value	0.01447
scoring_system	epss
scoring_elements	0.80813
published_at	2026-04-24T12:55:00Z

value	0.01579
scoring_system	epss
scoring_elements	0.815
published_at	2026-04-01T12:55:00Z

value	0.01579
scoring_system	epss
scoring_elements	0.81512
published_at	2026-04-02T12:55:00Z

value	0.01579
scoring_system	epss
scoring_elements	0.81602
published_at	2026-04-16T12:55:00Z

value	0.01579
scoring_system	epss
scoring_elements	0.81572
published_at	2026-04-12T12:55:00Z

value	0.01579
scoring_system	epss
scoring_elements	0.81585
published_at	2026-04-11T12:55:00Z

value	0.01579
scoring_system	epss
scoring_elements	0.81565
published_at	2026-04-13T12:55:00Z

value	0.01579
scoring_system	epss
scoring_elements	0.8156
published_at	2026-04-08T12:55:00Z

value	0.01579
scoring_system	epss
scoring_elements	0.81531
published_at	2026-04-07T12:55:00Z

value	0.01579
scoring_system	epss
scoring_elements	0.81533
published_at	2026-04-04T12:55:00Z

value	0.01618
scoring_system	epss
scoring_elements	0.81893
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-3904

reference_url

http://secunia.com/advisories/46397

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://secunia.com/advisories/46397

reference_url

http://securitytracker.com/id?1024613

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://securitytracker.com/id?1024613

reference_url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3904
reference_id
reference_type
scores
url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3904

reference_url

https://www.exploit-db.com/exploits/44677/

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

https://www.exploit-db.com/exploits/44677/

reference_url

http://www.kb.cert.org/vuls/id/362983

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://www.kb.cert.org/vuls/id/362983

reference_url

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36

reference_url

http://www.redhat.com/support/errata/RHSA-2010-0792.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://www.redhat.com/support/errata/RHSA-2010-0792.html

reference_url

http://www.redhat.com/support/errata/RHSA-2010-0842.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://www.redhat.com/support/errata/RHSA-2010-0842.html

reference_url

http://www.securityfocus.com/archive/1/520102/100/0/threaded

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://www.securityfocus.com/archive/1/520102/100/0/threaded

reference_url

http://www.ubuntu.com/usn/USN-1000-1

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://www.ubuntu.com/usn/USN-1000-1

reference_url

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

reference_url

http://www.vsecurity.com/download/tools/linux-rds-exploit.c

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://www.vsecurity.com/download/tools/linux-rds-exploit.c

reference_url

http://www.vupen.com/english/advisories/2011/0298

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://www.vupen.com/english/advisories/2011/0298

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=642896

reference_id

642896

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=642896

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel::::::::
reference_id	cpe:2.3:o:linux:linux_kernel::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
reference_id	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1::::::
reference_id	cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::
reference_id	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:vmware:esxi:3.5:::::::*
reference_id	cpe:2.3:o:vmware:esxi:3.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:vmware:esxi:3.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:vmware:esxi:4.0:::::::*
reference_id	cpe:2.3:o:vmware:esxi:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:vmware:esxi:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:vmware:esxi:4.1:::::::*
reference_id	cpe:2.3:o:vmware:esxi:4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:vmware:esxi:4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:vmware:esxi:5.0:::::::*
reference_id	cpe:2.3:o:vmware:esxi:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:vmware:esxi:5.0:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/15285.c
reference_id	CVE-2010-3904
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/15285.c

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44677.rb
reference_id	CVE-2010-3904
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44677.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-3904

reference_id

CVE-2010-3904

reference_type

scores

value	7.2
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:C/I:C/A:C

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2010-3904

reference_url	https://raw.githubusercontent.com/rapid7/metasploit-framework/294b2631591e088ef693aa366199300663fbc539/modules/exploits/linux/local/rds_priv_esc.rb
reference_id	CVE-2010-3904
reference_type	exploit
scores
url	https://raw.githubusercontent.com/rapid7/metasploit-framework/294b2631591e088ef693aa366199300663fbc539/modules/exploits/linux/local/rds_priv_esc.rb

reference_url

http://www.vsecurity.com/resources/advisory/20101019-1/

reference_id

CVE-2010-3904

reference_type

exploit

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:31:23Z/

url

http://www.vsecurity.com/resources/advisory/20101019-1/

reference_url	https://access.redhat.com/errata/RHSA-2010:0792
reference_id	RHSA-2010:0792
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2010:0792

reference_url	https://access.redhat.com/errata/RHSA-2010:0842
reference_id	RHSA-2010:0842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2010:0842

reference_url	https://usn.ubuntu.com/1000-1/
reference_id	USN-1000-1
reference_type
scores
url	https://usn.ubuntu.com/1000-1/

reference_url	https://usn.ubuntu.com/1074-1/
reference_id	USN-1074-1
reference_type
scores
url	https://usn.ubuntu.com/1074-1/

reference_url	https://usn.ubuntu.com/1074-2/
reference_id	USN-1074-2
reference_type
scores
url	https://usn.ubuntu.com/1074-2/

reference_url	https://usn.ubuntu.com/1083-1/
reference_id	USN-1083-1
reference_type
scores
url	https://usn.ubuntu.com/1083-1/

reference_url	https://usn.ubuntu.com/1093-1/
reference_id	USN-1093-1
reference_type
scores
url	https://usn.ubuntu.com/1093-1/

reference_url	https://usn.ubuntu.com/1119-1/
reference_id	USN-1119-1
reference_type
scores
url	https://usn.ubuntu.com/1119-1/

Weaknesses

cwe_id	119
name	Improper Restriction of Operations within the Bounds of a Memory Buffer
description	The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

cwe_id	1284
name	Improper Validation of Specified Quantity in Input
description	The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Exploits

date_added	`null`
description	This module exploits a vulnerability in the `rds_page_copy_user` function in `net/rds/page.c` (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on: Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE; and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.
required_action	`null`
due_date	`null`
notes	AKA: - rds-fail.c Reliability: - unreliable-session Stability: - crash-safe SideEffects: - artifacts-on-disk
known_ransomware_campaign_use	`false`
source_date_published	2010-10-20
exploit_type	`null`
platform	Linux
source_date_updated	`null`
data_source	Metasploit
source_url	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/local/rds_rds_page_copy_user_priv_esc.rb

date_added	2023-05-12
description	Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
required_action	The impacted product is end-of-life and should be disconnected if still in use.
due_date	2023-06-02
notes	https://lkml.iu.edu/hypermail/linux/kernel/1601.3/06474.html; https://nvd.nist.gov/vuln/detail/CVE-2010-3904
known_ransomware_campaign_use	`false`
source_date_published	`null`
exploit_type	`null`
platform	`null`
source_date_updated	`null`
data_source	KEV
source_url	`null`

date_added	2010-10-19
description	Linux Kernel 2.6.36-rc8 - 'RDS Protocol' Local Privilege Escalation
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2010-10-19
exploit_type	local
platform	linux
source_date_updated	2018-05-21
data_source	Exploit-DB
source_url	http://www.vsecurity.com/resources/advisory/20101019-1/

Severity_range_score 7.2 - 7.8

Exploitability 2.0

Weighted_severity 7.0

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xcnp-gudk-3fec

Vulnerability Instance