Red Hat Customer Portal

CVE-2011-2503

The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.

Details Source

Mitre

Public Date

2011-07-25 00:00:00

Impact

Moderate

Bugzilla

CVE-2011-2503 systemtap: signed module loading race condition

Bugzilla ID

716489

CVSS Status

verified

Base Score

6.00

Base Metrics

AV:L/AC:H/Au:S/C:C/I:C/A:C

External References

http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commitdiff;h=ed51cfa24ca27746ab09b59280b94117dd58cba3

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 5 (systemtap) | RHSA-2011:1089 | 2011-07-25 |
| Red Hat Enterprise Linux 6 (systemtap) | RHSA-2011:1088 | 2011-07-25 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 4 | systemtap | Will not fix |