Executive Summary

Informations
NameCVE-2010-4171First vendor Publication2010-12-07
VendorCveLast vendor Modification2013-07-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score2.1Attack RangeLocal
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4171

CWE : Common Weakness Enumeration

idName
CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22050
 
Oval ID: oval:org.mitre.oval:def:22050
Title: RHSA-2010:0894: systemtap security update (Important)
Description: The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).
Family: unix Class: patch
Reference(s): RHSA-2010:0894-01
CESA-2010:0894
CVE-2010-4170
CVE-2010-4171
Version: 29
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): systemtap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23511
 
Oval ID: oval:org.mitre.oval:def:23511
Title: ELSA-2010:0894: systemtap security update (Important)
Description: The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).
Family: unix Class: patch
Reference(s): ELSA-2010:0894-01
CVE-2010-4170
CVE-2010-4171
Version: 13
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): systemtap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22608
 
Oval ID: oval:org.mitre.oval:def:22608
Title: DEPRECATED: ELSA-2010:0894: systemtap security update (Important)
Description: The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).
Family: unix Class: patch
Reference(s): ELSA-2010:0894-01
CVE-2010-4170
CVE-2010-4171
Version: 14
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): systemtap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27763
 
Oval ID: oval:org.mitre.oval:def:27763
Title: ELSA-2010-0894 -- systemtap security update (important)
Description: [1.2-11.0.1.el6_0] - rebuild without docs - remove doc/SystemTap_Beginners_Guide/en-US in tarball [1.2-11] - CVE-2010-4170 - CVE-2010-4171
Family: unix Class: patch
Reference(s): ELSA-2010-0894
CVE-2010-4170
CVE-2010-4171
Version: 1
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): systemtap
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

ExploitDB Exploits

idDescription
2010-11-26Local Root Privilege Escalation Vulnerability in systemtap

OpenVAS Exploits

DateDescription
2012-02-11Name : Debian Security Advisory DSA 2348-1 (systemtap)
File : nvt/deb_2348_1.nasl
2011-08-09Name : CentOS Update for systemtap CESA-2010:0894 centos5 i386
File : nvt/gb_CESA-2010_0894_systemtap_centos5_i386.nasl
2011-06-03Name : Fedora Update for systemtap FEDORA-2011-7289
File : nvt/gb_fedora_2011_7289_systemtap_fc13.nasl
2011-06-03Name : Fedora Update for systemtap FEDORA-2011-7302
File : nvt/gb_fedora_2011_7302_systemtap_fc14.nasl
2010-12-02Name : Fedora Update for systemtap FEDORA-2010-17865
File : nvt/gb_fedora_2010_17865_systemtap_fc14.nasl
2010-11-23Name : Fedora Update for systemtap FEDORA-2010-17868
File : nvt/gb_fedora_2010_17868_systemtap_fc12.nasl
2010-11-23Name : Fedora Update for systemtap FEDORA-2010-17873
File : nvt/gb_fedora_2010_17873_systemtap_fc13.nasl
2010-11-23Name : RedHat Update for systemtap RHSA-2010:0894-01
File : nvt/gb_RHSA-2010_0894-01_systemtap.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
69490SystemTap /usr/bin/staprun Arbitrary Unused Module Unloading Local DoS

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0894.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101117_systemtap_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-11-22Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2348.nasl - Type : ACT_GATHER_INFO
2010-11-24Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0894.nasl - Type : ACT_GATHER_INFO
2010-11-19Name : The remote Fedora host is missing a security update.
File : fedora_2010-17865.nasl - Type : ACT_GATHER_INFO
2010-11-19Name : The remote Fedora host is missing a security update.
File : fedora_2010-17868.nasl - Type : ACT_GATHER_INFO
2010-11-19Name : The remote Fedora host is missing a security update.
File : fedora_2010-17873.nasl - Type : ACT_GATHER_INFO
2010-11-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0894.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/44917
CONFIRMhttp://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b412...
https://bugzilla.redhat.com/show_bug.cgi?id=653606
DEBIANhttp://www.debian.org/security/2011/dsa-2348
FEDORAhttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/05111...
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/05112...
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/05112...
MLISThttp://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html
REDHAThttp://www.redhat.com/support/errata/RHSA-2010-0894.html
SECTRACKhttp://www.securitytracker.com/id?1024754
SECUNIAhttp://secunia.com/advisories/42256
http://secunia.com/advisories/42263
http://secunia.com/advisories/42318
http://secunia.com/advisories/46920
XFhttp://xforce.iss.net/xforce/xfdb/63345

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-02-17 10:58:31
  • Multiple Updates
2013-07-18 21:19:09
  • Multiple Updates
2013-05-10 23:36:31
  • Multiple Updates