Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2010-4170HistoryDec 07, 2010 - 10:00 p.m.
CVE-2010-4170
2010-12-0722:00:02
Debian Security Bug Tracker
security-tracker.debian.org
13
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
24.9%
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | systemtap | < 1.2-3 | systemtap_1.2-3_all.deb |
| Debian | 11 | all | systemtap | < 1.2-3 | systemtap_1.2-3_all.deb |
| Debian | 10 | all | systemtap | < 1.2-3 | systemtap_1.2-3_all.deb |
| Debian | 999 | all | systemtap | < 1.2-3 | systemtap_1.2-3_all.deb |
| Debian | 13 | all | systemtap | < 1.2-3 | systemtap_1.2-3_all.deb |
Related
packetstorm
packetstorm
Linux Systemtap Privilege Escalation
2010-11-26 00:00:00
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
2019-04-19 00:00:00
openvas
openvas
CentOS Update for systemtap CESA-2010:0895 centos4 i386
2010-11-23 00:00:00
RedHat Update for systemtap RHSA-2010:0895-01
2010-11-23 00:00:00
RedHat Update for systemtap RHSA-2010:0895-01
2010-11-23 00:00:00
exploitpack
exploitpack
SystemTap - Local Privilege Escalation
2010-11-26 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:50:56
zdt
zdt
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation Exploit
2019-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2010-4170
2010-12-07 00:00:00
nessus
nessus
Scientific Linux Security Update : systemtap on SL4.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 4 : systemtap (ELSA-2010-0895)
2013-07-12 00:00:00
RHEL 4 : systemtap (RHSA-2010:0895)
2010-11-18 00:00:00
centos
centos
systemtap security update
2010-11-17 18:59:39
systemtap security update
2010-11-17 14:50:12
seebug
seebug
systemtap - Local Root Privilege Escalation Vulnerability
2014-07-01 00:00:00
prion
prion
Design/Logic Flaw
2010-12-07 22:00:00
metasploit
metasploit
SystemTap MODPROBE_OPTIONS Privilege Escalation
2019-04-18 17:15:22
nvd
nvd
CVE-2010-4170
2010-12-07 22:00:02
cve
cve
CVE-2010-4170
2010-12-07 22:00:02
redhat
redhat
(RHSA-2010:0895) Moderate: systemtap security update
2010-11-17 00:00:00
(RHSA-2010:0894) Important: systemtap security update
2010-11-17 00:00:00
cvelist
cvelist
CVE-2010-4170
2010-12-07 21:00:00
exploitdb
exploitdb
SystemTap - Local Privilege Escalation
2010-11-26 00:00:00
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)
2019-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: systemtap-1.3-3.fc14
2010-11-19 00:03:39
[SECURITY] Fedora 12 Update: systemtap-1.3-3.fc12
2010-11-19 00:04:42
[SECURITY] Fedora 13 Update: systemtap-1.3-3.fc13
2010-11-19 00:05:43
oraclelinux
oraclelinux
systemtap security update
2010-11-17 00:00:00
systemtap security update
2010-11-17 00:00:00
debian
debian
[SECURITY] [DSA 2348-1] systemtap security update
2011-11-20 19:58:26
osv
osv
systemtap - several
2011-11-17 00:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
24.9%
Related for DEBIANCVE:CVE-2010-4170