CVE-2010-4170

Impact:
Important
Public Date:
2010-11-17
CWE:
CWE-284
Bugzilla:
653604: CVE-2010-4170 Systemtap: Insecure loading of modules

The MITRE CVE dictionary describes this issue as:

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.

Find out more about CVE-2010-4170 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 7.2
Base Metrics AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (systemtap) RHSA-2010:0894 2010-11-17
Red Hat Enterprise Linux 4 (systemtap) RHSA-2010:0895 2010-11-17
Red Hat Enterprise Linux 6 (systemtap) RHSA-2010:0894 2010-11-17

Acknowledgements

Red Hat would like to thank Tavis Ormandy for reporting this issue.

Mitigation

Last Modified

CVE description copyright © 2017, The MITRE Corporation