Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503
From: Tavis Ormandy <taviso () cmpxchg8b com>
Date: Thu, 28 Jul 2011 12:04:54 +0200

Vincent Danen <vdanen () redhat com> wrote:

This is just a heads up to notify those who are shipping systemtap that
two flaws were found that could allow members of group stapusr to elevate
their privileges:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2502
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2503


Interesting, I also looked at systemtap and found a local root
(CVE-2010-4170), but was under the impression we had agreed it should be
restricted to a privileged group?

https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/systemtap-2010-11-18

I stopped looking because I concluded that had eliminated any security risk,
is that no longer the case?

(I dont have an up to date RHEL machine to check)


Tavis.


-- 
-------------------------------------
taviso () cmpxchg8b com | pgp encrypted mail preferred
-------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault