Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2010-0895.NASL
HistoryNov 18, 2010 - 12:00 a.m.

RHEL 4 : systemtap (RHSA-2010:0895)

2010-11-1800:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
JSON

Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. staprun, the SystemTap runtime tool, is used for managing SystemTap kernel modules (for example, loading them).

It was discovered that staprun did not properly sanitize the environment before executing the modprobe command to load an additional kernel module. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-4170)

Note: On Red Hat Enterprise Linux 4, an attacker must be a member of the stapusr group to exploit this issue. Also note that, after installing this update, users already in the stapdev group must be added to the stapusr group in order to be able to run the staprun tool.

Red Hat would like to thank Tavis Ormandy for reporting this issue.

SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2010:0895. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(50647);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-4170");
  script_xref(name:"RHSA", value:"2010:0895");

  script_name(english:"RHEL 4 : systemtap (RHSA-2010:0895)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated systemtap packages that fix one security issue are now
available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on
the operation of the system. staprun, the SystemTap runtime tool, is
used for managing SystemTap kernel modules (for example, loading
them).

It was discovered that staprun did not properly sanitize the
environment before executing the modprobe command to load an
additional kernel module. A local, unprivileged user could use this
flaw to escalate their privileges. (CVE-2010-4170)

Note: On Red Hat Enterprise Linux 4, an attacker must be a member of
the stapusr group to exploit this issue. Also note that, after
installing this update, users already in the stapdev group must be
added to the stapusr group in order to be able to run the staprun
tool.

Red Hat would like to thank Tavis Ormandy for reporting this issue.

SystemTap users should upgrade to these updated packages, which
contain a backported patch to correct this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-4170"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2010:0895"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected systemtap, systemtap-runtime and / or
systemtap-testsuite packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'SystemTap MODPROBE_OPTIONS Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-runtime");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-testsuite");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/12/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/11/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2010:0895";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL4", cpu:"i386", reference:"systemtap-0.6.2-2.el4_8.3")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"systemtap-0.6.2-2.el4_8.3")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i386", reference:"systemtap-runtime-0.6.2-2.el4_8.3")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"systemtap-runtime-0.6.2-2.el4_8.3")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i386", reference:"systemtap-testsuite-0.6.2-2.el4_8.3")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"systemtap-testsuite-0.6.2-2.el4_8.3")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemtap / systemtap-runtime / systemtap-testsuite");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxsystemtapp-cpe:/a:redhat:enterprise_linux:systemtap
redhatenterprise_linuxsystemtap-runtimep-cpe:/a:redhat:enterprise_linux:systemtap-runtime
redhatenterprise_linuxsystemtap-testsuitep-cpe:/a:redhat:enterprise_linux:systemtap-testsuite
redhatenterprise_linux4cpe:/o:redhat:enterprise_linux:4
redhatenterprise_linux4.8cpe:/o:redhat:enterprise_linux:4.8

Related

nessus 13
openvas 21
metasploit 1
packetstorm 2
zdt 1
ubuntucve 1
debiancve 1
veracode 1
exploitpack 1
cvelist 1
redhat 2
cve 1
seebug 1
prion 1
centos 2
exploitdb 2
oraclelinux 2
fedora 5
osv 1
debian 1
nessus
nessus
CentOS 4 : systemtap (CESA-2010:0895)
2010-11-24 00:00:00
Oracle Linux 4 : systemtap (ELSA-2010-0895)
2013-07-12 00:00:00
Scientific Linux Security Update : systemtap on SL4.x i386/x86_64
2012-08-01 00:00:00
openvas
openvas
CentOS Update for systemtap CESA-2010:0895 centos4 i386
2010-11-23 00:00:00
RedHat Update for systemtap RHSA-2010:0895-01
2010-11-23 00:00:00
CentOS Update for systemtap CESA-2010:0895 centos4 i386
2010-11-23 00:00:00
metasploit
metasploit
SystemTap MODPROBE_OPTIONS Privilege Escalation
2019-04-18 17:15:22
packetstorm
packetstorm
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
2019-04-19 00:00:00
Linux Systemtap Privilege Escalation
2010-11-26 00:00:00
zdt
zdt
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation Exploit
2019-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2010-4170
2010-12-07 00:00:00
debiancve
debiancve
CVE-2010-4170
2010-12-07 22:00:02
veracode
veracode
Privilege Escalation
2020-04-10 00:50:56
exploitpack
exploitpack
SystemTap - Local Privilege Escalation
2010-11-26 00:00:00
cvelist
cvelist
CVE-2010-4170
2010-12-07 21:00:00
redhat
redhat
(RHSA-2010:0895) Moderate: systemtap security update
2010-11-17 00:00:00
(RHSA-2010:0894) Important: systemtap security update
2010-11-17 00:00:00
cve
cve
CVE-2010-4170
2010-12-07 22:00:02
seebug
seebug
systemtap - Local Root Privilege Escalation Vulnerability
2014-07-01 00:00:00
prion
prion
Design/Logic Flaw
2010-12-07 22:00:00
centos
centos
systemtap security update
2010-11-17 18:59:39
systemtap security update
2010-11-17 14:50:12
exploitdb
exploitdb
SystemTap - Local Privilege Escalation
2010-11-26 00:00:00
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)
2019-04-19 00:00:00
oraclelinux
oraclelinux
systemtap security update
2010-11-17 00:00:00
systemtap security update
2010-11-17 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: systemtap-1.3-3.fc12
2010-11-19 00:04:42
[SECURITY] Fedora 14 Update: systemtap-1.3-3.fc14
2010-11-19 00:03:39
[SECURITY] Fedora 13 Update: systemtap-1.3-3.fc13
2010-11-19 00:05:43
osv
osv
systemtap - several
2011-11-17 00:00:00
debian
debian
[SECURITY] [DSA 2348-1] systemtap security update
2011-11-20 20:15:11
JSON
Related for REDHAT-RHSA-2010-0895.NASL
nessus13openvas21metasploit1packetstorm2zdt1ubuntucve1debiancve1veracode1exploitpack1cvelist1redhat2cve1seebug1prion1centos2exploitdb2oraclelinux2fedora5osv1debian1