Vulnerability Description
The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systemtap | Systemtap | 1.3 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.h
- http://secunia.com/advisories/42256Vendor Advisory
- http://secunia.com/advisories/42263Vendor Advisory
- http://secunia.com/advisories/42318Vendor Advisory
- http://secunia.com/advisories/46920
- http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41
- http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html
- http://www.debian.org/security/2011/dsa-2348
- http://www.redhat.com/support/errata/RHSA-2010-0894.html
- http://www.securityfocus.com/bid/44917
- http://www.securitytracker.com/id?1024754
- https://bugzilla.redhat.com/show_bug.cgi?id=653606
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63345
FAQ
What is CVE-2010-4171?
CVE-2010-4171 is a vulnerability with a CVSS score of 2.1 (LOW). The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kern...
How severe is CVE-2010-4171?
CVE-2010-4171 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4171?
Check the references section above for vendor advisories and patch information. Affected products include: Systemtap Systemtap.