 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.68542 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2010:0895 |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory RHSA-2010:0895. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. staprun, the SystemTap runtime tool, is used for managing SystemTap kernel modules (for example, loading them). It was discovered that staprun did not properly sanitize the environment before executing the modprobe command to load an additional kernel module. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-4170) Note: On Red Hat Enterprise Linux 4, an attacker must be a member of the stapusr group to exploit this issue. Also note that, after installing this update, users already in the stapdev group must be added to the stapusr group in order to be able to run the staprun tool. Red Hat would like to thank Tavis Ormandy for reporting this issue. SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0895.html Risk factor : High CVSS Score: 7.2 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4170 1024754 http://www.securitytracker.com/id?1024754 15620 http://www.exploit-db.com/exploits/15620 42256 http://secunia.com/advisories/42256 42263 http://secunia.com/advisories/42263 42306 http://secunia.com/advisories/42306 42318 http://secunia.com/advisories/42318 44914 http://www.securityfocus.com/bid/44914 46730 https://www.exploit-db.com/exploits/46730/ 46920 http://secunia.com/advisories/46920 DSA-2348 http://www.debian.org/security/2011/dsa-2348 FEDORA-2010-17865 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html FEDORA-2010-17868 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html FEDORA-2010-17873 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html RHSA-2010:0894 http://www.redhat.com/support/errata/RHSA-2010-0894.html RHSA-2010:0895 http://www.redhat.com/support/errata/RHSA-2010-0895.html [systemtap] 20101117 important systemtap security fix http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html http://packetstormsecurity.com/files/152569/SystemTap-1.3-MODPROBE_OPTIONS-Privilege-Escalation.html http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41228bea196cefa3a7d43ab67f8f9152e2 systemtap-staprun-priv-escalation(63344) https://exchange.xforce.ibmcloud.com/vulnerabilities/63344 |
| Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |