35 matches found
CVE-2010-4171
CVE-2010-4171 affects SystemTap staprun: it does not verify whether the module to unload was previously loaded by SystemTap, allowing a local user to trigger a denial of service by unloading arbitrary kernel modules. Connected advisories (Debian DSA-2348-1, Oracle/CentOS/Scientific Linux/Nessus e...
CVE-2010-4170
CVE-2010-4170 affects SystemTap, where the staprun runtime does not properly sanitize the environment before invoking modprobe in version 1.3, enabling a local user to escalate privileges by setting MODPROBE_OPTIONS to point to a malicious configuration file. Public references document this issue...
CVE-2010-4171
The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service unloading of arbitrary kernel modules...
CVE-2010-4170
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBEOPTIONS environment variable to specify a malicious configuration file...
CentOS Update for systemtap CESA-2010:0895 centos4 i386
Check for the Version of systemtap OpenVAS Vulnerability Test CentOS Update for systemtap CESA-2010:0895 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
Fedora 14 : systemtap-1.3-3.fc14 (2010-17865)
This refresh corrects two important security bugs in the /usr/bin/staprun program of the systemtap-runtime package. CVE-2010-4171 Ability to remove unused modules by unprivileged user CVE-2010-4170 Insecure loading of modules We would like to thank Tavis Ormandy for reporting this issue. Note tha...
Fedora 12 : systemtap-1.3-3.fc12 (2010-17868)
This refresh corrects two important security bugs in the /usr/bin/staprun program of the systemtap-runtime package. CVE-2010-4171 Ability to remove unused modules by unprivileged user CVE-2010-4170 Insecure loading of modules We would like to thank Tavis Ormandy for reporting this issue. Note tha...
Fedora 13 : systemtap-1.3-3.fc13 (2010-17873)
This refresh corrects two important security bugs in the /usr/bin/staprun program of the systemtap-runtime package. CVE-2010-4171 Ability to remove unused modules by unprivileged user CVE-2010-4170 Insecure loading of modules We would like to thank Tavis Ormandy for reporting this issue. Note tha...
RHEL 4 : systemtap (RHSA-2010:0895)
Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
systemtap security update
CentOS Errata and Security Advisory CESA-2010:0895 Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...
Systemtap: Insecure loading of modules
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBEOPTIONS environment variable to specify a malicious configuration file...
Moderate: Red Hat Security Advisory: systemtap security update
Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Systemtap: Ability to remove unused modules by unprivileged user
The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service unloading of arbitrary kernel modules...
Systemtap: Insecure loading of modules
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBEOPTIONS environment variable to specify a malicious configuration file...
PT-2010-1046 · Red Hat · Systemtap-Server +9
Name of the Vulnerable Software and Affected Versions: systemtap versions 0.6.2 through 1.3 systemtap-runtime versions 0.6.2 through 1.1 systemtap-testsuite versions 0.6.2 through 1.1 systemtap-client versions 1.1 through 1.2 systemtap-server versions 1.1 systemtap-initscript versions 1.1...