The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
systemtap systemtap 1.3 |