Executive Summary

Summary
Title kernel security update
Informations
Name RHSA-2010:0792 First vendor Publication 2010-10-25
Vendor RedHat Last vendor Modification 2010-10-25
Severity (Vendor) Important Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* The rds_page_copy_user() function in the Linux kernel Reliable Datagram Sockets (RDS) protocol implementation was missing sanity checks. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-3904, Important)

Red Hat would like to thank Dan Rosenberg of Virtual Security Research for reporting this issue.

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

642896 - CVE-2010-3904 RDS sockets local privilege escalation

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0792.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20540
 
Oval ID: oval:org.mitre.oval:def:20540
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3904
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21695
 
Oval ID: oval:org.mitre.oval:def:21695
Title: RHSA-2010:0842: kernel security and bug fix update (Important)
Description: The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Family: unix Class: patch
Reference(s): RHSA-2010:0842-02
CVE-2010-2803
CVE-2010-2955
CVE-2010-2962
CVE-2010-3079
CVE-2010-3081
CVE-2010-3084
CVE-2010-3301
CVE-2010-3432
CVE-2010-3437
CVE-2010-3442
CVE-2010-3698
CVE-2010-3705
CVE-2010-3904
Version: 172
Platform(s): Red Hat Enterprise Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22008
 
Oval ID: oval:org.mitre.oval:def:22008
Title: RHSA-2010:0792: kernel security update (Important)
Description: The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Family: unix Class: patch
Reference(s): RHSA-2010:0792-01
CESA-2010:0792
CVE-2010-3904
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23030
 
Oval ID: oval:org.mitre.oval:def:23030
Title: ELSA-2010:0792: kernel security update (Important)
Description: The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Family: unix Class: patch
Reference(s): ELSA-2010:0792-01
CVE-2010-3904
Version: 6
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23172
 
Oval ID: oval:org.mitre.oval:def:23172
Title: ELSA-2010:0842: kernel security and bug fix update (Important)
Description: The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Family: unix Class: patch
Reference(s): ELSA-2010:0842-02
CVE-2010-2803
CVE-2010-2955
CVE-2010-2962
CVE-2010-3079
CVE-2010-3081
CVE-2010-3084
CVE-2010-3301
CVE-2010-3432
CVE-2010-3437
CVE-2010-3442
CVE-2010-3698
CVE-2010-3705
CVE-2010-3904
Version: 57
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28217
 
Oval ID: oval:org.mitre.oval:def:28217
Title: DEPRECATED: ELSA-2010-0792 -- kernel security update (important)
Description: [2.6.18-194.17.4.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb (John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314] - [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702] - [net] bonding: fix xen+bonding+netconsole panic issue (Joe Jin) [orabug 9504524] - [rds] Patch rds to 1.4.2-14 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki, Chris Mason, Herbert van den Bergh) [orabug 9245919] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] [2.6.18-194.17.4.el5] - [net] rds: fix local privilege escalation (Eugene Teo) [642897 642898] {CVE-2010-3904}
Family: unix Class: patch
Reference(s): ELSA-2010-0792
CVE-2010-3904
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 6
Os 1337
Os 2
Os 1
Os 1
Os 1

ExploitDB Exploits

id Description
2010-10-19 Linux RDS Protocol Local Privilege Escalation

OpenVAS Exploits

Date Description
2012-03-16 Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX...
File : nvt/gb_VMSA-2011-0012.nasl
2011-12-02 Name : Fedora Update for kernel FEDORA-2011-16346
File : nvt/gb_fedora_2011_16346_kernel_fc14.nasl
2011-11-08 Name : Fedora Update for kernel FEDORA-2011-15241
File : nvt/gb_fedora_2011_15241_kernel_fc14.nasl
2011-10-31 Name : Fedora Update for kernel FEDORA-2011-14747
File : nvt/gb_fedora_2011_14747_kernel_fc14.nasl
2011-10-10 Name : Fedora Update for kernel FEDORA-2011-12874
File : nvt/gb_fedora_2011_12874_kernel_fc14.nasl
2011-08-27 Name : Fedora Update for kernel FEDORA-2011-11103
File : nvt/gb_fedora_2011_11103_kernel_fc14.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2010:0792 centos5 i386
File : nvt/gb_CESA-2010_0792_kernel_centos5_i386.nasl
2011-06-24 Name : Fedora Update for kernel FEDORA-2011-6447
File : nvt/gb_fedora_2011_6447_kernel_fc13.nasl
2011-06-20 Name : Fedora Update for kernel FEDORA-2011-7551
File : nvt/gb_fedora_2011_7551_kernel_fc14.nasl
2011-05-17 Name : Fedora Update for kernel FEDORA-2011-6541
File : nvt/gb_fedora_2011_6541_kernel_fc14.nasl
2011-05-10 Name : Ubuntu Update for linux-ti-omap4 USN-1119-1
File : nvt/gb_ubuntu_USN_1119_1.nasl
2011-03-15 Name : Fedora Update for kernel FEDORA-2011-2134
File : nvt/gb_fedora_2011_2134_kernel_fc13.nasl
2011-03-07 Name : Ubuntu Update for linux-lts-backport-maverick vulnerabilities USN-1083-1
File : nvt/gb_ubuntu_USN_1083_1.nasl
2011-02-11 Name : Fedora Update for kernel FEDORA-2011-1138
File : nvt/gb_fedora_2011_1138_kernel_fc14.nasl
2010-12-28 Name : Fedora Update for kernel FEDORA-2010-18983
File : nvt/gb_fedora_2010_18983_kernel_fc13.nasl
2010-12-23 Name : Fedora Update for kernel FEDORA-2010-18506
File : nvt/gb_fedora_2010_18506_kernel_fc13.nasl
2010-12-09 Name : Fedora Update for kernel FEDORA-2010-18493
File : nvt/gb_fedora_2010_18493_kernel_fc14.nasl
2010-12-02 Name : Fedora Update for kernel FEDORA-2010-16826
File : nvt/gb_fedora_2010_16826_kernel_fc14.nasl
2010-11-16 Name : SuSE Update for kernel SUSE-SA:2010:053
File : nvt/gb_suse_2010_053.nasl
2010-11-04 Name : RedHat Update for kernel RHSA-2010:0792-01
File : nvt/gb_RHSA-2010_0792-01_kernel.nasl
2010-10-22 Name : Ubuntu Update for Linux kernel vulnerabilities USN-1000-1
File : nvt/gb_ubuntu_USN_1000_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
69117 Linux Kernel net/rds/page.c rds_page_copy_user() Function Local Privilege Esc...

Linux Kernel contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the 'rds_page_copy_user' function in 'net/rds/page.c' in the Reliable Datagram Sockets (RDS) protocol implementation fails to validate addresses obtained from user space, allowing a local attacker to make crafted use of the sendmsg and recvmsg system calls to gain elevated privileges.

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-10-27 IAVM : 2011-A-0147 - Multiple Vulnerabilities in VMware ESX and ESXi
Severity : Category I - VMSKEY : V0030545

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0012_remote.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_kernel-101026.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0792.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-2009.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1083-1.nasl - Type : ACT_GATHER_INFO
2013-03-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1093-1.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101025_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101110_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-10-14 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0012.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1119-1.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-101102.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-ec2-101103.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0792.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0842.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-101026.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16826.nasl - Type : ACT_GATHER_INFO
2010-10-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0792.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1000-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:53:57
  • Multiple Updates