CVE-2010-4171

Name of the Vulnerable Software and Affected Versions systemtap versions 1.1 through 1.2 systemtap-client versions 1.1 through 1.2 systemtap-initscript version 1.1 systemtap-server version 1.1 systemtap-sdt-devel version 1.1 systemtap-runtime version 1.1 systemtap-testsuite version 1.1 systemtap-debuginfo version 1.2

Description The issue affects the systemtap package and its components in Red Hat Enterprise Linux and CentOS operating systems. Multiple vulnerabilities in these packages can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out locally. According to Mitre, the staprun runtime tool in SystemTap does not verify that a module to unload was previously loaded by SystemTap, allowing local users to cause a denial of service by unloading arbitrary kernel modules.

Recommendations For systemtap versions 1.1 through 1.2, consider disabling the vulnerable components until a patch is available. For systemtap-client versions 1.1 through 1.2, restrict access to minimize the risk of exploitation. For systemtap-initscript version 1.1, systemtap-server version 1.1, systemtap-sdt-devel version 1.1, systemtap-runtime version 1.1, systemtap-testsuite version 1.1, and systemtap-debuginfo version 1.2, apply configuration changes to prevent local exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.