This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.
bc46d127784cc25a8eebe3568a7dc33efb953a22d3a6de8a44f9394b892ee0c6
This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.
a2c6557a8aad197f0270adb44eb609acd74de83e2d42b87eb9f291e7a97fe369
Symantec Messaging Gateway version 9.5.3-3 suffers from backdoor account and privilege escalation vulnerabilities.
0037358302ea3ef9e579ea39b29f6aeedaab8ea3fd730436e1fe43363d09f8dc
VMware Security Advisory 2011-0012 - VMware ESXi and ESX updates to third party libraries and ESX Service Console address several security issues.
7fd5e9259774393a258a0c189d667e06ba833c9fb8b0cd11fa8fb35727aecafa
Ubuntu Security Notice 1119-1 - Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel.
ee2b27059547517c9b31d6346cedd7eacba9014e9eeb821192ed01e86e778b49
On October 13th, VSR identified a vulnerability in the RDS protocol, as implemented in the Linux kernel. Because kernel functions responsible for copying data between kernel and user space failed to verify that a user-provided address actually resided in the user segment, a local attacker could issue specially crafted socket function calls to write arbitrary values into kernel memory. By leveraging this capability, it is possible for unprivileged users to escalate privileges to root.
bb09d9a3c04ad643125f43810191104a9e73f9ab75e3f77d497d3f284186f60b
Linux kernel versions 2.6.36-rc8 and below RDS privilege escalation exploit.
0262577e3e756fba60e9c378405ae208ebb9563222e21ca4a4b81be04b89e9d5