Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2010-0894.NASL
HistoryNov 18, 2010 - 12:00 a.m.

RHEL 5 / 6 : systemtap (RHSA-2010:0894)

2010-11-1800:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. staprun, the SystemTap runtime tool, is used for managing SystemTap kernel modules (for example, loading them).

It was discovered that staprun did not properly sanitize the environment before executing the modprobe command to load an additional kernel module. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-4170)

It was discovered that staprun did not check if the module to be unloaded was previously loaded by SystemTap. A local, unprivileged user could use this flaw to unload an arbitrary kernel module that was not in use. (CVE-2010-4171)

Note: After installing this update, users already in the stapdev group must be added to the stapusr group in order to be able to run the staprun tool.

Red Hat would like to thank Tavis Ormandy for reporting these issues.

SystemTap users should upgrade to these updated packages, which contain backported patches to correct these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2010:0894. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(50646);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-4170", "CVE-2010-4171");
  script_xref(name:"RHSA", value:"2010:0894");

  script_name(english:"RHEL 5 / 6 : systemtap (RHSA-2010:0894)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated systemtap packages that fix two security issues are now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on
the operation of the system. staprun, the SystemTap runtime tool, is
used for managing SystemTap kernel modules (for example, loading
them).

It was discovered that staprun did not properly sanitize the
environment before executing the modprobe command to load an
additional kernel module. A local, unprivileged user could use this
flaw to escalate their privileges. (CVE-2010-4170)

It was discovered that staprun did not check if the module to be
unloaded was previously loaded by SystemTap. A local, unprivileged
user could use this flaw to unload an arbitrary kernel module that was
not in use. (CVE-2010-4171)

Note: After installing this update, users already in the stapdev group
must be added to the stapusr group in order to be able to run the
staprun tool.

Red Hat would like to thank Tavis Ormandy for reporting these issues.

SystemTap users should upgrade to these updated packages, which
contain backported patches to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-4170"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-4171"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2010:0894"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'SystemTap MODPROBE_OPTIONS Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-grapher");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-initscript");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-runtime");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-sdt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-testsuite");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/12/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/11/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2010:0894";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"systemtap-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"systemtap-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"systemtap-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"systemtap-client-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"systemtap-client-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"systemtap-client-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"systemtap-initscript-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"systemtap-initscript-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"systemtap-initscript-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"systemtap-runtime-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"systemtap-runtime-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"systemtap-runtime-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", reference:"systemtap-sdt-devel-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"systemtap-server-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"systemtap-server-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"systemtap-server-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"systemtap-testsuite-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"systemtap-testsuite-1.1-3.el5_5.3")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"systemtap-testsuite-1.1-3.el5_5.3")) flag++;


  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"systemtap-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"systemtap-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"systemtap-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"systemtap-client-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"systemtap-client-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"systemtap-client-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", reference:"systemtap-debuginfo-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"systemtap-grapher-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"systemtap-grapher-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"systemtap-grapher-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"systemtap-initscript-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"systemtap-initscript-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"systemtap-initscript-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"systemtap-runtime-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"systemtap-runtime-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"systemtap-runtime-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", reference:"systemtap-sdt-devel-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"systemtap-server-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"systemtap-server-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"systemtap-server-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"systemtap-testsuite-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"systemtap-testsuite-1.2-11.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"systemtap-testsuite-1.2-11.el6_0")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemtap / systemtap-client / systemtap-debuginfo / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxsystemtapp-cpe:/a:redhat:enterprise_linux:systemtap
redhatenterprise_linuxsystemtap-clientp-cpe:/a:redhat:enterprise_linux:systemtap-client
redhatenterprise_linuxsystemtap-debuginfop-cpe:/a:redhat:enterprise_linux:systemtap-debuginfo
redhatenterprise_linuxsystemtap-grapherp-cpe:/a:redhat:enterprise_linux:systemtap-grapher
redhatenterprise_linuxsystemtap-initscriptp-cpe:/a:redhat:enterprise_linux:systemtap-initscript
redhatenterprise_linuxsystemtap-runtimep-cpe:/a:redhat:enterprise_linux:systemtap-runtime
redhatenterprise_linuxsystemtap-sdt-develp-cpe:/a:redhat:enterprise_linux:systemtap-sdt-devel
redhatenterprise_linuxsystemtap-serverp-cpe:/a:redhat:enterprise_linux:systemtap-server
redhatenterprise_linuxsystemtap-testsuitep-cpe:/a:redhat:enterprise_linux:systemtap-testsuite
redhatenterprise_linux5cpe:/o:redhat:enterprise_linux:5
Rows per page:
1-10 of 121

Related

openvas 21
nessus 13
fedora 5
oraclelinux 2
redhat 2
centos 2
osv 1
debian 1
metasploit 1
packetstorm 2
zdt 1
ubuntucve 2
debiancve 2
veracode 2
exploitpack 1
seebug 1
prion 2
cvelist 2
cve 2
exploitdb 2
openvas
openvas
CentOS Update for systemtap CESA-2010:0894 centos5 i386
2011-08-09 00:00:00
Fedora Update for systemtap FEDORA-2010-17873
2010-11-23 00:00:00
Fedora Update for systemtap FEDORA-2010-17873
2010-11-23 00:00:00
nessus
nessus
Fedora 12 : systemtap-1.3-3.fc12 (2010-17868)
2010-11-19 00:00:00
CentOS 5 : systemtap (CESA-2010:0894)
2010-11-24 00:00:00
Fedora 14 : systemtap-1.3-3.fc14 (2010-17865)
2010-11-19 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: systemtap-1.3-3.fc14
2010-11-19 00:03:39
[SECURITY] Fedora 13 Update: systemtap-1.3-3.fc13
2010-11-19 00:05:43
[SECURITY] Fedora 12 Update: systemtap-1.3-3.fc12
2010-11-19 00:04:42
oraclelinux
oraclelinux
systemtap security update
2010-11-17 00:00:00
systemtap security update
2010-11-17 00:00:00
redhat
redhat
(RHSA-2010:0894) Important: systemtap security update
2010-11-17 00:00:00
(RHSA-2010:0895) Moderate: systemtap security update
2010-11-17 00:00:00
centos
centos
systemtap security update
2010-11-17 14:50:12
systemtap security update
2010-11-17 18:59:39
osv
osv
systemtap - several
2011-11-17 00:00:00
debian
debian
[SECURITY] [DSA 2348-1] systemtap security update
2011-11-20 20:15:11
metasploit
metasploit
SystemTap MODPROBE_OPTIONS Privilege Escalation
2019-04-18 17:15:22
packetstorm
packetstorm
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
2019-04-19 00:00:00
Linux Systemtap Privilege Escalation
2010-11-26 00:00:00
zdt
zdt
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation Exploit
2019-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2010-4170
2010-12-07 00:00:00
CVE-2010-4171
2010-12-07 00:00:00
debiancve
debiancve
CVE-2010-4170
2010-12-07 22:00:02
CVE-2010-4171
2010-12-07 22:00:02
veracode
veracode
Privilege Escalation
2020-04-10 00:50:56
Denial Of Service (DoS)
2020-04-10 00:50:56
exploitpack
exploitpack
SystemTap - Local Privilege Escalation
2010-11-26 00:00:00
seebug
seebug
systemtap - Local Root Privilege Escalation Vulnerability
2014-07-01 00:00:00
prion
prion
Design/Logic Flaw
2010-12-07 22:00:00
Code injection
2010-12-07 22:00:00
cvelist
cvelist
CVE-2010-4170
2010-12-07 21:00:00
CVE-2010-4171
2010-12-07 21:00:00
cve
cve
CVE-2010-4170
2010-12-07 22:00:02
CVE-2010-4171
2010-12-07 22:00:02
exploitdb
exploitdb
SystemTap - Local Privilege Escalation
2010-11-26 00:00:00
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)
2019-04-19 00:00:00
JSON
Related for REDHAT-RHSA-2010-0894.NASL
openvas21nessus13fedora5oraclelinux2redhat2centos2osv1debian1metasploit1packetstorm2zdt1ubuntucve2debiancve2veracode2exploitpack1seebug1prion2cvelist2cve2exploitdb2