Veracode Vulnerability DatabaseVERACODE:24275Privilege Escalation
0.001 Low
EPSS
Percentile
24.9%
systemtap is vulnerable to privilege escalation. The vulnerability exists as it was discovered that staprun did not properly sanitize the environment before executing the modprobe command to load an additional kernel module. A local, unprivileged user could use this flaw to escalate their privileges.
References
lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html
lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html
lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html
packetstormsecurity.com/files/152569/SystemTap-1.3-MODPROBE_OPTIONS-Privilege-Escalation.html
secunia.com/advisories/42256
secunia.com/advisories/42263
secunia.com/advisories/42306
secunia.com/advisories/42318
secunia.com/advisories/46920
sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41228bea196cefa3a7d43ab67f8f9152e2
sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2
sources.redhat.com/ml/systemtap/2010-q4/msg00230.html
www.debian.org/security/2011/dsa-2348
www.exploit-db.com/exploits/15620
www.redhat.com/support/errata/RHSA-2010-0894.html
www.redhat.com/support/errata/RHSA-2010-0895.html
www.securityfocus.com/bid/44914
www.securitytracker.com/id?1024754
access.redhat.com/errata/RHSA-2010:0894
access.redhat.com/errata/RHSA-2010:0895
access.redhat.com/security/cve/CVE-2010-4170
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=653604
exchange.xforce.ibmcloud.com/vulnerabilities/63344
www.exploit-db.com/exploits/46730/
Related
