mailing list archives
Re: Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Thu, 28 Jul 2011 15:44:07 +0530
On 07/28/2011 03:34 PM, Tavis Ormandy wrote:
Interesting, I also looked at systemtap and found a local root
(CVE-2010-4170), but was under the impression we had agreed it should be
restricted to a privileged group?
I stopped looking because I concluded that had eliminated any security risk,
is that no longer the case?
I believe this does reduce the risk, but does not totally eliminate it.
Huzaifa Sidhpurwala / Red Hat Security Response Team