Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2010:0895
HistoryNov 17, 2010 - 12:00 a.m.

(RHSA-2010:0895) Moderate: systemtap security update

2010-11-1700:00:00
access.redhat.com
17

0.001 Low

EPSS

Percentile

24.9%

JSON

SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on the
operation of the system. staprun, the SystemTap runtime tool, is used for
managing SystemTap kernel modules (for example, loading them).

It was discovered that staprun did not properly sanitize the environment
before executing the modprobe command to load an additional kernel module.
A local, unprivileged user could use this flaw to escalate their
privileges. (CVE-2010-4170)

Note: On Red Hat Enterprise Linux 4, an attacker must be a member of the
stapusr group to exploit this issue. Also note that, after installing this
update, users already in the stapdev group must be added to the stapusr
group in order to be able to run the staprun tool.

Red Hat would like to thank Tavis Ormandy for reporting this issue.

SystemTap users should upgrade to these updated packages, which contain
a backported patch to correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHat4srcsystemtap< 0.6.2-2.el4_8.3systemtap-0.6.2-2.el4_8.3.src.rpm
RedHat4ia64systemtap-runtime< 0.6.2-2.el4_8.3systemtap-runtime-0.6.2-2.el4_8.3.ia64.rpm
RedHat4ia64systemtap< 0.6.2-2.el4_8.3systemtap-0.6.2-2.el4_8.3.ia64.rpm
RedHat4i386systemtap< 0.6.2-2.el4_8.3systemtap-0.6.2-2.el4_8.3.i386.rpm
RedHat4ia64systemtap-testsuite< 0.6.2-2.el4_8.3systemtap-testsuite-0.6.2-2.el4_8.3.ia64.rpm
RedHat4ppc64systemtap-runtime< 0.6.2-2.el4_8.3systemtap-runtime-0.6.2-2.el4_8.3.ppc64.rpm
RedHat4x86_64systemtap-testsuite< 0.6.2-2.el4_8.3systemtap-testsuite-0.6.2-2.el4_8.3.x86_64.rpm
RedHat4x86_64systemtap< 0.6.2-2.el4_8.3systemtap-0.6.2-2.el4_8.3.x86_64.rpm
RedHat4ppc64systemtap< 0.6.2-2.el4_8.3systemtap-0.6.2-2.el4_8.3.ppc64.rpm
RedHat4i386systemtap-testsuite< 0.6.2-2.el4_8.3systemtap-testsuite-0.6.2-2.el4_8.3.i386.rpm
Rows per page:
1-10 of 131

Related

packetstorm 2
openvas 21
exploitpack 1
veracode 1
zdt 1
ubuntucve 1
debiancve 1
nessus 14
centos 2
seebug 1
prion 1
metasploit 1
nvd 1
cve 1
cvelist 1
exploitdb 2
fedora 5
oraclelinux 2
redhat 1
debian 1
osv 1
packetstorm
packetstorm
Linux Systemtap Privilege Escalation
2010-11-26 00:00:00
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
2019-04-19 00:00:00
openvas
openvas
CentOS Update for systemtap CESA-2010:0895 centos4 i386
2010-11-23 00:00:00
RedHat Update for systemtap RHSA-2010:0895-01
2010-11-23 00:00:00
RedHat Update for systemtap RHSA-2010:0895-01
2010-11-23 00:00:00
exploitpack
exploitpack
SystemTap - Local Privilege Escalation
2010-11-26 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:50:56
zdt
zdt
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation Exploit
2019-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2010-4170
2010-12-07 00:00:00
debiancve
debiancve
CVE-2010-4170
2010-12-07 22:00:02
nessus
nessus
Scientific Linux Security Update : systemtap on SL4.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 4 : systemtap (ELSA-2010-0895)
2013-07-12 00:00:00
RHEL 4 : systemtap (RHSA-2010:0895)
2010-11-18 00:00:00
centos
centos
systemtap security update
2010-11-17 18:59:39
systemtap security update
2010-11-17 14:50:12
seebug
seebug
systemtap - Local Root Privilege Escalation Vulnerability
2014-07-01 00:00:00
prion
prion
Design/Logic Flaw
2010-12-07 22:00:00
metasploit
metasploit
SystemTap MODPROBE_OPTIONS Privilege Escalation
2019-04-18 17:15:22
nvd
nvd
CVE-2010-4170
2010-12-07 22:00:02
cve
cve
CVE-2010-4170
2010-12-07 22:00:02
cvelist
cvelist
CVE-2010-4170
2010-12-07 21:00:00
exploitdb
exploitdb
SystemTap - Local Privilege Escalation
2010-11-26 00:00:00
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)
2019-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: systemtap-1.3-3.fc14
2010-11-19 00:03:39
[SECURITY] Fedora 12 Update: systemtap-1.3-3.fc12
2010-11-19 00:04:42
[SECURITY] Fedora 13 Update: systemtap-1.3-3.fc13
2010-11-19 00:05:43
oraclelinux
oraclelinux
systemtap security update
2010-11-17 00:00:00
systemtap security update
2010-11-17 00:00:00
redhat
redhat
(RHSA-2010:0894) Important: systemtap security update
2010-11-17 00:00:00
debian
debian
[SECURITY] [DSA 2348-1] systemtap security update
2011-11-20 19:58:26
osv
osv
systemtap - several
2011-11-17 00:00:00

0.001 Low

EPSS

Percentile

24.9%

JSON
Related for RHSA-2010:0895
packetstorm2openvas21exploitpack1veracode1zdt1ubuntucve1debiancve1nessus14centos2seebug1prion1metasploit1nvd1cve1cvelist1exploitdb2fedora5oraclelinux2redhat1debian1osv1