Launchpad CVE tracker

CVE 2010-4170

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.

Related bugs and status

CVE-2010-4170 (Candidate) is related to these bugs:

Bug #677226: CVE-2010-4170 and CVE-2010-4171: staprun module loading/unloading security fixes

		In	Importance	Status
677226	CVE-2010-4170 and CVE-2010-4171: staprun module loading/unloading security fixes	systemtap (Ubuntu)	High	Fix Released
677226	CVE-2010-4170 and CVE-2010-4171: staprun module loading/unloading security fixes	systemtap (Debian)	Unknown	Fix Released
677226	CVE-2010-4170 and CVE-2010-4171: staprun module loading/unloading security fixes	systemtap (Ubuntu Maverick)	High	Fix Released

Bug #721702: Please merge systemtap 1.3-2 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	721702	Please merge systemtap 1.3-2 (universe) from Debian unstable (main)		systemtap (Ubuntu)	Wishlist	Fix Released

Bug #1203590: [MIR] systemtap

Summary				In	Importance	Status
	1203590	[MIR] systemtap		systemtap (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-4170

References