Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2502

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2011-2502
Last Modified 27 Jul 2012 12:00:00
Published 26 Jul 2012 03:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2502

Summary

runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument.

Vulnerable Systems

Application

  • Systemtap 0.2.2

  • Systemtap 0.3

  • Systemtap 0.4

  • Systemtap 0.5

  • Systemtap 0.5.10

  • Systemtap 0.5.12

  • Systemtap 0.5.13

  • Systemtap 0.5.14

  • Systemtap 0.5.3

  • Systemtap 0.5.4

  • Systemtap 0.5.5

  • Systemtap 0.5.7

  • Systemtap 0.5.8

  • Systemtap 0.5.9

  • Systemtap 0.6

  • Systemtap 0.6.2

  • Systemtap 0.7

  • Systemtap 0.7.2

  • Systemtap 0.8

  • Systemtap 0.9

  • Systemtap 0.9.5

  • Systemtap 0.9.7

  • Systemtap 0.9.8

  • Systemtap 0.9.9

  • Systemtap 1.0

  • Systemtap 1.1

  • Systemtap 1.2

  • Systemtap 1.3

  • Systemtap 1.4

  • Systemtap 1.5


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=716476

CONFIRM - http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commitdiff;h=4ecaadf545a729bb3e5f01f6f019716d49815d9a

CONFIRM - http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=blob;f=NEWS;hb=304d73b1fea24af791f2a129fb141c5009eae6a8

SECUNIA - 45377


Last Updated: 27 May 2016 10:55:01