{"vuid":"VU#362983","idnumber":"362983","name":"Linux kernel RDS protocol vulnerability","keywords":["Linux","kernel","rds protocol","privilege escalation"],"overview":"The RDS protocol implementation of Linux kernels 2.6.30 through 2.6.38-rc8 contain a local privilege escalation vulnerability.","clean_desc":"Kernel functions fail to properly check if a user supplied address exists in the user segment of memory. By providing a kernel address to a socket call an unprivileged user can execute arbitrary code as root. Additional details can be found in the VSR Security Advisory.","impact":"An unprivileged local attacker can escalate their privileges to root.","resolution":"Apply an update for the specific Linux distribution used.","workarounds":"If the RDS protocol is not needed, it can be disabled with the following command run as root. echo \"alias net-pf-21 off\" > /etc/modprobe.d/disable-rds","sysaffected":"","thanks":"Thanks to Dan Rosenberg of Virtual Security Research for researching and publishing the details of this vulnerability.","author":"This document was written by Jared Allar.","public":["h","t","t","p",":","/","/","w","w","w",".","v","s","e","c","u","r","i","t","y",".","c","o","m","/","r","e","s","o","u","r","c","e","s","/","a","d","v","i","s","o","r","y","/","2","0","1","0","1","0","1","9","-","1","/"],"cveids":["CVE-2010-3904"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-10-25T14:10:40Z","publicdate":"2010-10-19T00:00:00Z","datefirstpublished":"2010-10-25T19:07:44Z","dateupdated":"2010-10-25T19:38:37Z","revision":13,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"1","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"19","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"20.840625","cam_scorecurrentwidelyknown":"24.8484375","cam_scorecurrentwidelyknownexploited":"40.078125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":20.840625,"vulnote":null}