Skip to navigation

CVE Database

CVE-2011-2503

Impact: Moderate
Public: 2011-07-25
Bugzilla: 716489: CVE-2011-2503 systemtap: signed module loading race condition

Details

The MITRE CVE dictionary describes this issue as:

The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.

Find out more about CVE-2011-2503 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 6.0
Base Metrics: AV:L/AC:H/Au:S/C:C/I:C/A:C
Access Vector: Local
Access Complexity: High
Authentication: Single Instance
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date
Red Hat Enterprise Linux version 5 (systemtap) RHSA-2011:1089 July 25, 2011
Red Hat Enterprise Linux version 6 (systemtap) RHSA-2011:1088 July 25, 2011

External References

http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commitdiff;h=ed51cfa24ca27746ab09b59280b94117dd58cba3

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.