 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.880645 |
| Categoría: | CentOS Local Security Checks |
| Título: | CentOS Update for systemtap CESA-2010:0894 centos5 i386 |
| Resumen: | The remote host is missing an update for the 'systemtap'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'systemtap' package(s) announced via the referenced advisory. Vulnerability Insight: SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. staprun, the SystemTap runtime tool, is used for managing SystemTap kernel modules (for example, loading them). It was discovered that staprun did not properly sanitize the environment before executing the modprobe command to load an additional kernel module. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-4170) It was discovered that staprun did not check if the module to be unloaded was previously loaded by SystemTap. A local, unprivileged user could use this flaw to unload an arbitrary kernel module that was not in use. (CVE-2010-4171) Note: After installing this update, users already in the stapdev group must be added to the stapusr group in order to be able to run the staprun tool. Red Hat would like to thank Tavis Ormandy for reporting these issues. SystemTap users should upgrade to these updated packages, which contain backported patches to correct these issues. Affected Software/OS: systemtap on CentOS 5 Solution: Please install the updated packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4170 1024754 http://www.securitytracker.com/id?1024754 15620 http://www.exploit-db.com/exploits/15620 42256 http://secunia.com/advisories/42256 42263 http://secunia.com/advisories/42263 42306 http://secunia.com/advisories/42306 42318 http://secunia.com/advisories/42318 44914 http://www.securityfocus.com/bid/44914 46730 https://www.exploit-db.com/exploits/46730/ 46920 http://secunia.com/advisories/46920 DSA-2348 http://www.debian.org/security/2011/dsa-2348 FEDORA-2010-17865 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html FEDORA-2010-17868 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html FEDORA-2010-17873 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html RHSA-2010:0894 http://www.redhat.com/support/errata/RHSA-2010-0894.html RHSA-2010:0895 http://www.redhat.com/support/errata/RHSA-2010-0895.html [systemtap] 20101117 important systemtap security fix http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html http://packetstormsecurity.com/files/152569/SystemTap-1.3-MODPROBE_OPTIONS-Privilege-Escalation.html http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41228bea196cefa3a7d43ab67f8f9152e2 systemtap-staprun-priv-escalation(63344) https://exchange.xforce.ibmcloud.com/vulnerabilities/63344 Common Vulnerability Exposure (CVE) ID: CVE-2010-4171 44917 http://www.securityfocus.com/bid/44917 https://bugzilla.redhat.com/show_bug.cgi?id=653606 systemtap-staprunmod-dos(63345) https://exchange.xforce.ibmcloud.com/vulnerabilities/63345 |
| Copyright | Copyright (C) 2011 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |