Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2011-2503HistoryJul 26, 2012 - 7:55 p.m.
CVE-2011-2503
2012-07-2619:55:00
Debian Security Bug Tracker
security-tracker.debian.org
27
systemtap
runtime tool
insert_module
privilege escalation
race condition
signature validation
module initialization
CVSS2
3.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
EPSS
0
Percentile
5.1%
The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | systemtap | < 1.6-1 | systemtap_1.6-1_all.deb |
| Debian | 11 | all | systemtap | < 1.6-1 | systemtap_1.6-1_all.deb |
| Debian | 999 | all | systemtap | < 1.6-1 | systemtap_1.6-1_all.deb |
| Debian | 13 | all | systemtap | < 1.6-1 | systemtap_1.6-1_all.deb |
Related
nessus
nessus
RHEL 4 : systemtap (Unpatched Vulnerability)
2024-06-03 00:00:00
Oracle Linux 5 : systemtap (ELSA-2011-1089)
2013-07-12 00:00:00
CentOS 5 : systemtap (CESA-2011:1089)
2011-09-23 00:00:00
openvas
openvas
CentOS Update for systemtap CESA-2011:1089 centos5 x86_64
2012-07-30 00:00:00
RedHat Update for systemtap RHSA-2011:1089-01
2011-07-27 00:00:00
Oracle: Security Advisory (ELSA-2011-1089)
2015-10-06 00:00:00
oraclelinux
oraclelinux
systemtap security update
2011-08-01 00:00:00
systemtap security update
2011-07-25 00:00:00
nvd
nvd
CVE-2011-2503
2012-07-26 19:55:00
redhat
redhat
(RHSA-2011:1089) Moderate: systemtap security update
2011-07-25 00:00:00
(RHSA-2011:1088) Moderate: systemtap security update
2011-07-25 00:00:00
prion
prion
Race condition
2012-07-26 19:55:00
ubuntucve
ubuntucve
CVE-2011-2503
2012-07-26 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 01:01:04
centos
centos
systemtap security update
2011-09-05 00:09:57
cvelist
cvelist
CVE-2011-2503
2012-07-26 19:00:00
cve
cve
CVE-2011-2503
2012-07-26 19:55:00
fedora
fedora
[SECURITY] Fedora 14 Update: systemtap-1.5-8.fc14
2011-07-31 04:04:50
[SECURITY] Fedora 15 Update: systemtap-1.5-8.fc15
2011-07-31 03:56:29
[SECURITY] Fedora 15 Update: systemtap-1.7-2.fc15
2012-02-25 08:35:45
debian
debian
[SECURITY] [DSA 2348-1] systemtap security update
2011-11-20 19:58:26
osv
osv
systemtap - several
2011-11-17 00:00:00
CVSS2
3.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
EPSS
0
Percentile
5.1%
Related for DEBIANCVE:CVE-2011-2503