Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-2503

The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.

Related bugs and status

CVE-2011-2503 (Candidate) is related to these bugs:

Bug #876855: Please merge systemtap 1.6-1 (universe) from Debian testing

Summary				In	Importance	Status
	876855	Please merge systemtap 1.6-1 (universe) from Debian testing		systemtap (Ubuntu)	Undecided	Fix Released

Bug #1203590: [MIR] systemtap

Summary				In	Importance	Status
	1203590	[MIR] systemtap		systemtap (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
CONFIRM: http://sources.redhat....
CONFIRM: http://sources.redhat....
DEBIAN: DSA-2348
SECUNIA: 45377
SECUNIA: 46920