Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2503

Overview

Vulnerability Score 3.7 3.7
CVE Id CVE-2011-2503
Last Modified 27 Jul 2012 08:04:32
Published 26 Jul 2012 03:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2011-2503

Summary

The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.

Vulnerable Systems

Application

  • Systemtap 0.2.2

  • Systemtap 0.3

  • Systemtap 0.4

  • Systemtap 0.5

  • Systemtap 0.5.10

  • Systemtap 0.5.12

  • Systemtap 0.5.13

  • Systemtap 0.5.14

  • Systemtap 0.5.3

  • Systemtap 0.5.4

  • Systemtap 0.5.5

  • Systemtap 0.5.7

  • Systemtap 0.5.8

  • Systemtap 0.5.9

  • Systemtap 0.6

  • Systemtap 0.6.2

  • Systemtap 0.7

  • Systemtap 0.7.2

  • Systemtap 0.8

  • Systemtap 0.9

  • Systemtap 0.9.5

  • Systemtap 0.9.7

  • Systemtap 0.9.8

  • Systemtap 0.9.9

  • Systemtap 1.0

  • Systemtap 1.1

  • Systemtap 1.2

  • Systemtap 1.3

  • Systemtap 1.4

  • Systemtap 1.5


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2503

DEBIAN - DSA-2348

CONFIRM - http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commitdiff;h=ed51cfa24ca27746ab09b59280b94117dd58cba3

CONFIRM - http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=blob;f=NEWS;hb=304d73b1fea24af791f2a129fb141c5009eae6a8

SECUNIA - 46920

SECUNIA - 45377


Last Updated: 27 May 2016 10:53:34