Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-2502

runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument.

Related bugs and status

CVE-2011-2502 (Candidate) is related to these bugs:

Bug #876855: Please merge systemtap 1.6-1 (universe) from Debian testing

Summary				In	Importance	Status
	876855	Please merge systemtap 1.6-1 (universe) from Debian testing		systemtap (Ubuntu)	Undecided	Fix Released

Bug #1203590: [MIR] systemtap

Summary				In	Importance	Status
	1203590	[MIR] systemtap		systemtap (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
CONFIRM: http://sources.redhat....
CONFIRM: http://sources.redhat....
SECUNIA: 45377