 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.68542 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2010:0895 |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing updates announced in advisory RHSA-2010:0895. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. staprun, the SystemTap runtime tool, is used for managing SystemTap kernel modules (for example, loading them). It was discovered that staprun did not properly sanitize the environment before executing the modprobe command to load an additional kernel module. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-4170) Note: On Red Hat Enterprise Linux 4, an attacker must be a member of the stapusr group to exploit this issue. Also note that, after installing this update, users already in the stapdev group must be added to the stapusr group in order to be able to run the staprun tool. Red Hat would like to thank Tavis Ormandy for reporting this issue. SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0895.html Risk factor : High CVSS Score: 7.2 |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4170 1024754 http://www.securitytracker.com/id?1024754 15620 http://www.exploit-db.com/exploits/15620 42256 http://secunia.com/advisories/42256 42263 http://secunia.com/advisories/42263 42306 http://secunia.com/advisories/42306 42318 http://secunia.com/advisories/42318 44914 http://www.securityfocus.com/bid/44914 46730 https://www.exploit-db.com/exploits/46730/ 46920 http://secunia.com/advisories/46920 DSA-2348 http://www.debian.org/security/2011/dsa-2348 FEDORA-2010-17865 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html FEDORA-2010-17868 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html FEDORA-2010-17873 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html RHSA-2010:0894 http://www.redhat.com/support/errata/RHSA-2010-0894.html RHSA-2010:0895 http://www.redhat.com/support/errata/RHSA-2010-0895.html [systemtap] 20101117 important systemtap security fix http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html http://packetstormsecurity.com/files/152569/SystemTap-1.3-MODPROBE_OPTIONS-Privilege-Escalation.html http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41228bea196cefa3a7d43ab67f8f9152e2 systemtap-staprun-priv-escalation(63344) https://exchange.xforce.ibmcloud.com/vulnerabilities/63344 |
| Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |