Published: 07/12/2010 Updated: 13/02/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).

Vulnerable Product	Search on Vulmon	Subscribe to Product
systemtap systemtap 1.3

Debian Bug report logs - #603946 CVE-2010-4170 and CVE-2010-4171 Package: systemtap; Maintainer for systemtap is Ritesh Raj Sarraf <rrs@debianorg>; Source for systemtap is src:systemtap (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 18 Nov 2010 18:42:02 UTC Severity: grave Tags: s ...

Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux: CVE-2011-2503 It was discovered that a race condition in staprun could lead to privilege escalation CVE-2010-4170 It was discovered that insufficient validation of environment variables in staprun could lead to privilege escalation CVE-2010-41 ...

CWE-20 http://secunia.com/advisories/42256 http://www.securitytracker.com/id?1024754 http://www.securityfocus.com/bid/44917 http://www.redhat.com/support/errata/RHSA-2010-0894.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html https://bugzilla.redhat.com/show_bug.cgi?id=653606 http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html http://secunia.com/advisories/42318 http://secunia.com/advisories/42263 http://secunia.com/advisories/46920 http://www.debian.org/security/2011/dsa-2348 https://exchange.xforce.ibmcloud.com/vulnerabilities/63345 http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41228bea196cefa3a7d43ab67f8f9152e2 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603946 https://www.debian.org/security/./dsa-2348

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-4171

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect