Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.7
CVSSv2

CVE-2011-2503

Published: 26/07/2012 Updated: 07/11/2023
CVSS v2 Base Score: 3.7 | Impact Score: 6.4 | Exploitability Score: 1.9
VMScore: 329
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Subscribe to Systemtap

Vulnerability Summary

The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap prior to 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.

Vulnerable Product Search on Vulmon Subscribe to Product

systemtap systemtap 1.1

systemtap systemtap 1.2

systemtap systemtap 0.3

systemtap systemtap 0.9.5

systemtap systemtap 0.4

systemtap systemtap 0.6.2

systemtap systemtap 0.5.10

systemtap systemtap 0.8

systemtap systemtap 0.9

systemtap systemtap 0.5.14

systemtap systemtap 0.7.2

systemtap systemtap 0.9.8

systemtap systemtap 0.7

systemtap systemtap 0.5.12

systemtap systemtap

systemtap systemtap 0.5.4

systemtap systemtap 0.6

systemtap systemtap 0.5.7

systemtap systemtap 0.9.7

systemtap systemtap 1.4

systemtap systemtap 0.9.9

systemtap systemtap 0.5.8

systemtap systemtap 0.5.3

systemtap systemtap 0.2.2

systemtap systemtap 0.5.5

systemtap systemtap 0.5.13

systemtap systemtap 0.5.9

systemtap systemtap 1.0

systemtap systemtap 1.3

systemtap systemtap 0.5

Vendor Advisories

Debian CVElist Bug Report Logs: systemtap can be used to crash the system
Debian Bug report logs - #628819 systemtap can be used to crash the system Package: systemtap; Maintainer for systemtap is Ritesh Raj Sarraf <rrs@debianorg>; Source for systemtap is src:systemtap (PTS, buildd, popcon) Reported by: "Thijs Kinkhorst" <thijs@debianorg> Date: Wed, 1 Jun 2011 16:00:02 UTC Severity: se ...
Debian CVElist Bug Report Logs: Two privilege escalation issues (CVE-2011-2502 and CVE-2011-2503)
Debian Bug report logs - #635542 Two privilege escalation issues (CVE-2011-2502 and CVE-2011-2503) Package: systemtap; Maintainer for systemtap is Ritesh Raj Sarraf <rrs@debianorg>; Source for systemtap is src:systemtap (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Tue, 26 Jul 2011 20: ...
Debian Security Advisories: DSA-2348-1 systemtap -- several vulnerabilities
Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux: CVE-2011-2503 It was discovered that a race condition in staprun could lead to privilege escalation CVE-2010-4170 It was discovered that insufficient validation of environment variables in staprun could lead to privilege escalation CVE-2010-41 ...

References

CWE-20http://www.debian.org/security/2011/dsa-2348https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2503http://secunia.com/advisories/45377http://secunia.com/advisories/46920http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commitdiff%3Bh=ed51cfa24ca27746ab09b59280b94117dd58cba3http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=blob%3Bf=NEWS%3Bhb=304d73b1fea24af791f2a129fb141c5009eae6a8https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628819https://www.debian.org/security/./dsa-2348
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook