CVE-2011-2503
Published: 26 July 2012
The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.
Priority
Status
Package | Release | Status |
---|---|---|
systemtap Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Not vulnerable
(1.6-1ubuntu1)
|
|
quantal |
Not vulnerable
(1.7-1ubuntu1)
|
|
raring |
Not vulnerable
(2.1-1~experimental1)
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://lists.debian.org/debian-security-announce/2011/msg00228.html |