LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

systemtap: privilege escalation

Package(s):systemtap CVE #(s):CVE-2011-2502 CVE-2011-2503
Created:July 26, 2011 Updated:September 23, 2011
Description: From the Red Hat advisory:

It was found that SystemTap did not perform proper module path sanity checking if a user specified a custom path to the uprobes module, used when performing user-space probing ("staprun -u"). A local user who is a member of the stapusr group could use this flaw to bypass intended module-loading restrictions, allowing them to escalate their privileges by loading an arbitrary, unsigned module. (CVE-2011-2502)

A race condition flaw was found in the way the staprun utility performed module loading. A local user who is a member of the stapusr group could use this flaw to modify a signed module while it is being loaded, allowing them to escalate their privileges. (CVE-2011-2503)

Alerts:
Debian DSA-2348-1 2011-11-17
CentOS CESA-2011:1089 2011-09-22
Scientific Linux SL-syst-20110725 2011-07-25
Fedora FEDORA-2011-9739 2011-07-26
Fedora FEDORA-2011-9722 2011-07-26
Scientific Linux SL-syst-20110725 2011-07-25
Red Hat RHSA-2011:1089-01 2011-07-25
Red Hat RHSA-2011:1088-01 2011-07-25
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds