Test ID:	1.3.6.1.4.1.25623.1.0.70564
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2348-1)
Summary:	The remote host is missing an update for the Debian 'systemtap' package(s) announced via the DSA-2348-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'systemtap' package(s) announced via the DSA-2348-1 advisory. Vulnerability Insight: Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux: CVE-2011-2503 It was discovered that a race condition in staprun could lead to privilege escalation. CVE-2010-4170 It was discovered that insufficient validation of environment variables in staprun could lead to privilege escalation. CVE-2010-4171 It was discovered that insufficient validation of module unloading could lead to denial of service. For the stable distribution (squeeze), this problem has been fixed in version 1.2-5+squeeze1. For the unstable distribution (sid), this problem has been fixed in version 1.6-1. We recommend that you upgrade your systemtap packages. Affected Software/OS: 'systemtap' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4170 1024754 http://www.securitytracker.com/id?1024754 15620 http://www.exploit-db.com/exploits/15620 42256 http://secunia.com/advisories/42256 42263 http://secunia.com/advisories/42263 42306 http://secunia.com/advisories/42306 42318 http://secunia.com/advisories/42318 44914 http://www.securityfocus.com/bid/44914 46730 https://www.exploit-db.com/exploits/46730/ 46920 http://secunia.com/advisories/46920 DSA-2348 http://www.debian.org/security/2011/dsa-2348 FEDORA-2010-17865 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html FEDORA-2010-17868 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html FEDORA-2010-17873 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html RHSA-2010:0894 http://www.redhat.com/support/errata/RHSA-2010-0894.html RHSA-2010:0895 http://www.redhat.com/support/errata/RHSA-2010-0895.html [systemtap] 20101117 important systemtap security fix http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html http://packetstormsecurity.com/files/152569/SystemTap-1.3-MODPROBE_OPTIONS-Privilege-Escalation.html http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41228bea196cefa3a7d43ab67f8f9152e2 systemtap-staprun-priv-escalation(63344) https://exchange.xforce.ibmcloud.com/vulnerabilities/63344 Common Vulnerability Exposure (CVE) ID: CVE-2010-4171 44917 http://www.securityfocus.com/bid/44917 https://bugzilla.redhat.com/show_bug.cgi?id=653606 systemtap-staprunmod-dos(63345) https://exchange.xforce.ibmcloud.com/vulnerabilities/63345 Common Vulnerability Exposure (CVE) ID: CVE-2011-2503 Debian Security Information: DSA-2348 (Google Search) https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2503 http://secunia.com/advisories/45377
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.