PT-2011-1096 · Red Hat · Systemtap+1

Publicado

2011-07-25

Atualizado

2012-07-27

CVE-2011-2503

CVSS v2.0

4.4

Média

Vetor

AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SystemTap versions prior to 1.6

Description The issue allows local users to gain privileges via a race condition between the signature validation and the module initialization in the insert module function. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation of the vulnerabilities can be carried out locally.

Recommendations For SystemTap versions prior to 1.6, update to version 1.6 or later to resolve the issue. As a temporary workaround, consider disabling the insert module function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the vulnerable function until the issue is resolved.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2015-06055

BDU:2015-06058

BDU:2015-06060

BDU:2015-06061

BDU:2015-06063

BDU:2015-06065

BDU:2015-06067

BDU:2015-06069

BDU:2015-06071

CVE-2011-2503

DSA-2348-1

RHSA-2011:1088

RHSA-2011:1089

RHSA-2011_1088

RHSA-2011_1089

Produtos afetados

Red Hat

Systemtap

PT-2011-1096 · Red Hat · Systemtap+1

CVE-2011-2503

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 27