First published: Tue Dec 07 2010(Updated: )
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Systemtap Systemtap | =1.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.