CVE-2010-4170

Published: Dec 7, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

systemtap-staprun-priv-escalation(63344)

vdb-entry

x_refsource_XF

[systemtap] 20101117 important systemtap security fix

mailing-list

x_refsource_MLIST

FEDORA-2010-17873

vendor-advisory

x_refsource_FEDORA

15620

exploit

x_refsource_EXPLOIT-DB

42263

third-party-advisory

x_refsource_SECUNIA

FEDORA-2010-17865

vendor-advisory

x_refsource_FEDORA

http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41228bea196cefa3a7d43ab67f8f9152e2

x_refsource_CONFIRM

RHSA-2010:0894

vendor-advisory

x_refsource_REDHAT

RHSA-2010:0895

vendor-advisory

x_refsource_REDHAT

42306

third-party-advisory

x_refsource_SECUNIA

44914

vdb-entry

x_refsource_BID

DSA-2348

vendor-advisory

x_refsource_DEBIAN

1024754

vdb-entry

x_refsource_SECTRACK

46920

third-party-advisory

x_refsource_SECUNIA

42256

third-party-advisory

x_refsource_SECUNIA

42318

third-party-advisory

x_refsource_SECUNIA

FEDORA-2010-17868

vendor-advisory

x_refsource_FEDORA

http://packetstormsecurity.com/files/152569/SystemTap-1.3-MODPROBE_OPTIONS-Privilege-Escalation.html

x_refsource_MISC

46730

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2010-4170

Description

Affected Products

References