Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2011-2502HistoryOct 03, 2022 - 4:15 p.m.
CVE-2011-2502
2022-10-0316:15:16
Debian Security Bug Tracker
security-tracker.debian.org
6
cve-2011-2502
systemtap
runtime tool
staprun
validation vulnerability
user-space probing
stapusr group
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | systemtap | < 1.6-1 | systemtap_1.6-1_all.deb |
| Debian | 11 | all | systemtap | < 1.6-1 | systemtap_1.6-1_all.deb |
| Debian | 999 | all | systemtap | < 1.6-1 | systemtap_1.6-1_all.deb |
| Debian | 13 | all | systemtap | < 1.6-1 | systemtap_1.6-1_all.deb |
Related
cve
cve
CVE-2011-2502
2022-10-03 16:15:16
seebug
seebug
SystemTap "staprun"权限提升安全漏洞
2011-07-28 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:01:22
prion
prion
Design/Logic Flaw
2012-07-26 19:55:00
ubuntucve
ubuntucve
CVE-2011-2502
2012-07-26 00:00:00
nvd
nvd
CVE-2011-2502
2012-07-26 19:55:00
cvelist
cvelist
CVE-2011-2502
2022-10-03 16:15:16
nessus
nessus
Fedora 15 : systemtap-1.5-8.fc15 (2011-9722)
2011-08-01 00:00:00
RHEL 6 : systemtap (RHSA-2011:1088)
2011-07-26 00:00:00
Oracle Linux 6 : systemtap (ELSA-2011-1088)
2013-07-12 00:00:00
openvas
openvas
Fedora Update for systemtap FEDORA-2011-9739
2011-08-02 00:00:00
Fedora Update for systemtap FEDORA-2011-9739
2011-08-02 00:00:00
RedHat Update for systemtap RHSA-2011:1088-01
2012-06-06 00:00:00
redhat
redhat
(RHSA-2011:1088) Moderate: systemtap security update
2011-07-25 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: systemtap-1.5-8.fc14
2011-07-31 04:04:50
[SECURITY] Fedora 15 Update: systemtap-1.5-8.fc15
2011-07-31 03:56:29
[SECURITY] Fedora 15 Update: systemtap-1.7-2.fc15
2012-02-25 08:35:45
oraclelinux
oraclelinux
systemtap security update
2011-07-25 00:00:00
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
Related for DEBIANCVE:CVE-2011-2502