SystemTap 'modprob' Command Environment Variable Local Privilege Escalation Vulnerability

Bugtraq ID: 44914
Class: Design Error
CVE: CVE-2010-4170
Remote: No
Local: Yes
Published: Nov 17 2010 12:00AM
Updated: Nov 21 2011 07:26AM
Credit: Tavis Ormandy
Vulnerable: SystemTap SystemTap 0.0.20090314
SystemTap SystemTap 0.0.20080705
SystemTap SystemTap 1.1
SystemTap SystemTap 1.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop version 4
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux AS 4
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Avaya Messaging Storage Server 5.1
Avaya Messaging Storage Server 5.0
Avaya Messaging Storage Server 4.0
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus