CORE IMPACT v10.5 - Exploits Update (Tue Oct 26 2010)
Linux Kernel RDS Protocol Privilege Escalation Exploit
Exploits/Local [Linux]
Tue Oct 26 2010
The Linux kernel is prone to a privilege escalation vulnerability that local unprivileged users can exploit to gain root access. The RDS protocol does not properly check that the base address of a user-provided iovec struct points to a valid userspace address before using the __copy_to_user_inatomic() function to copy the data. By providing a kernel address as an iovec base and issuing a recvmsg()-style socket call, a local user could write arbitrary data into kernel memory, thus escalating privileges to root.
Exploits Vulnerability: CVE-2010-3904
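The missing validation described above, modeled in user space as an added example (this is not CORE IMPACT's code or kernel source). The names `MODEL_USER_LIMIT`, `model_iovec`, `model_access_ok` and `model_copy_out` are hypothetical, and the address limit and sample addresses are constructed; no memory is written.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed user/kernel boundary for this model; real kernels define their own. */
#define MODEL_USER_LIMIT 0x00007ffffffff000ULL
#define MODEL_EFAULT 14

/* Mirrors struct iovec, with the base held as an integer (hypothetical type). */
struct model_iovec { uint64_t base; uint64_t len; };

/* Range check in the spirit of access_ok(): all of [base, base+len) must lie
 * below the limit. Written so that base + len can never wrap around. */
static int model_access_ok(uint64_t base, uint64_t len)
{
    if (len > MODEL_USER_LIMIT)
        return 0;
    return base <= MODEL_USER_LIMIT - len;
}

/* Models the receive-side copy. checked=0 reproduces the flaw (destination
 * trusted as-is); checked=1 validates each destination first.
 * Returns bytes "copied" or -MODEL_EFAULT. Nothing is actually written. */
static long model_copy_out(const struct model_iovec *iov, size_t n, int checked)
{
    long total = 0;
    for (size_t i = 0; i < n; i++) {
        if (checked && !model_access_ok(iov[i].base, iov[i].len))
            return -MODEL_EFAULT;
        total += (long)iov[i].len;
    }
    return total;
}

int main(void)
{
    /* Constructed sample: one ordinary user buffer, one kernel-range base. */
    struct model_iovec v[] = {
        { 0x00007f0000001000ULL, 4096 },
        { 0xffffffff81000000ULL, 8 },
    };
    printf("unchecked: %ld\n", model_copy_out(v, 2, 0));
    printf("checked:   %ld\n", model_copy_out(v, 2, 1));
    return 0;
}
```

In the kernel, copy_to_user() performs this range validation itself, while the double-underscore variants such as __copy_to_user_inatomic() leave it to the caller.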











