Lucene search
HistoryJul 26, 2012 - 7:55 p.m.
CVE-2011-2502
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument.
Affected configurations
Node
systemtapsystemtapRange≤1.5
ORsystemtapsystemtapMatch0.2.2
ORsystemtapsystemtapMatch0.3
ORsystemtapsystemtapMatch0.4
ORsystemtapsystemtapMatch0.5
ORsystemtapsystemtapMatch0.5.3
ORsystemtapsystemtapMatch0.5.4
ORsystemtapsystemtapMatch0.5.5
ORsystemtapsystemtapMatch0.5.7
ORsystemtapsystemtapMatch0.5.8
ORsystemtapsystemtapMatch0.5.9
ORsystemtapsystemtapMatch0.5.10
ORsystemtapsystemtapMatch0.5.12
ORsystemtapsystemtapMatch0.5.13
ORsystemtapsystemtapMatch0.5.14
ORsystemtapsystemtapMatch0.6
ORsystemtapsystemtapMatch0.6.2
ORsystemtapsystemtapMatch0.7
ORsystemtapsystemtapMatch0.7.2
ORsystemtapsystemtapMatch0.8
ORsystemtapsystemtapMatch0.9
ORsystemtapsystemtapMatch0.9.5
ORsystemtapsystemtapMatch0.9.7
ORsystemtapsystemtapMatch0.9.8
ORsystemtapsystemtapMatch0.9.9
ORsystemtapsystemtapMatch1.0
ORsystemtapsystemtapMatch1.1
ORsystemtapsystemtapMatch1.2
ORsystemtapsystemtapMatch1.3
ORsystemtapsystemtapMatch1.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| systemtap | systemtap | * | cpe:2.3:a:systemtap:systemtap:*:*:*:*:*:*:*:* |
| systemtap | systemtap | 0.2.2 | cpe:2.3:a:systemtap:systemtap:0.2.2:*:*:*:*:*:*:* |
| systemtap | systemtap | 0.3 | cpe:2.3:a:systemtap:systemtap:0.3:*:*:*:*:*:*:* |
| systemtap | systemtap | 0.4 | cpe:2.3:a:systemtap:systemtap:0.4:*:*:*:*:*:*:* |
| systemtap | systemtap | 0.5 | cpe:2.3:a:systemtap:systemtap:0.5:*:*:*:*:*:*:* |
| systemtap | systemtap | 0.5.3 | cpe:2.3:a:systemtap:systemtap:0.5.3:*:*:*:*:*:*:* |
| systemtap | systemtap | 0.5.4 | cpe:2.3:a:systemtap:systemtap:0.5.4:*:*:*:*:*:*:* |
| systemtap | systemtap | 0.5.5 | cpe:2.3:a:systemtap:systemtap:0.5.5:*:*:*:*:*:*:* |
| systemtap | systemtap | 0.5.7 | cpe:2.3:a:systemtap:systemtap:0.5.7:*:*:*:*:*:*:* |
| systemtap | systemtap | 0.5.8 | cpe:2.3:a:systemtap:systemtap:0.5.8:*:*:*:*:*:*:* |
References
Related
debiancve
debiancve
CVE-2011-2502
2022-10-03 16:15:16
seebug
seebug
SystemTap "staprun"权限提升安全漏洞
2011-07-28 00:00:00
cve
cve
CVE-2011-2502
2022-10-03 16:15:16
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:01:22
prion
prion
Design/Logic Flaw
2012-07-26 19:55:00
ubuntucve
ubuntucve
CVE-2011-2502
2012-07-26 00:00:00
cvelist
cvelist
CVE-2011-2502
2022-10-03 16:15:16
openvas
openvas
Fedora Update for systemtap FEDORA-2011-9739
2011-08-02 00:00:00
Fedora Update for systemtap FEDORA-2011-9739
2011-08-02 00:00:00
RedHat Update for systemtap RHSA-2011:1088-01
2012-06-06 00:00:00
nessus
nessus
Fedora 15 : systemtap-1.5-8.fc15 (2011-9722)
2011-08-01 00:00:00
Fedora 14 : systemtap-1.5-8.fc14 (2011-9739)
2011-08-01 00:00:00
RHEL 6 : systemtap (RHSA-2011:1088)
2011-07-26 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: systemtap-1.5-8.fc15
2011-07-31 03:56:29
[SECURITY] Fedora 14 Update: systemtap-1.5-8.fc14
2011-07-31 04:04:50
[SECURITY] Fedora 15 Update: systemtap-1.7-2.fc15
2012-02-25 08:35:45
redhat
redhat
(RHSA-2011:1088) Moderate: systemtap security update
2011-07-25 00:00:00
oraclelinux
oraclelinux
systemtap security update
2011-07-25 00:00:00
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2011-2502