Vulnerability Description
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systemtap | Systemtap | 1.3 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.h
- http://packetstormsecurity.com/files/152569/SystemTap-1.3-MODPROBE_OPTIONS-Privi
- http://secunia.com/advisories/42256Vendor Advisory
- http://secunia.com/advisories/42263Vendor Advisory
- http://secunia.com/advisories/42306Vendor Advisory
- http://secunia.com/advisories/42318Vendor Advisory
- http://secunia.com/advisories/46920
- http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41
- http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html
- http://www.debian.org/security/2011/dsa-2348
- http://www.exploit-db.com/exploits/15620Exploit
- http://www.redhat.com/support/errata/RHSA-2010-0894.html
- http://www.redhat.com/support/errata/RHSA-2010-0895.html
FAQ
What is CVE-2010-4170?
CVE-2010-4170 is a vulnerability with a CVSS score of 7.2 (HIGH). The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment var...
How severe is CVE-2010-4170?
CVE-2010-4170 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4170?
Check the references section above for vendor advisories and patch information. Affected products include: Systemtap Systemtap.