Bug 716476 (CVE-2011-2502)

Summary: CVE-2011-2502 systemtap: insufficient security check when loading uprobes kernel module
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: dsmith, fche, jistone, mjw, scox, security-response-team, vdanen
Keywords: Security
Hardware: All
OS: Linux
Whiteboard: public=20110725,reported=20110623,source=customer,impact=moderate,cvss2=6.8/AV:L/AC:L/Au:S/C:C/I:C/A:C,rhel-4/systemtap=notaffected,rhel-5/systemtap=notaffected,rhel-6/systemtap=affected,fedora-all/systemtap=affected
Fixed In Version: systemtap 1.6
Doc Type: Bug Fix
Last Closed: 2012-02-03 15:44:45 EST
Bug Depends On: 717594, 717596, 725578
Bug Blocks: 716497

Attachments:
Don't allow path-based auth for uprobes (flags: none)

Description Jan Lieskovsky 2011-06-24 11:26:45 EDT
It was found that the systemtap runtime tool (staprun) did not properly enforce
the module's path sanity check when ad-hoc module instrumentation via
user-space probing with a user-specified module path was requested. A local
user, member of the 'stapusr' group, could use this flaw to escalate their

Comment 1 Jan Lieskovsky 2011-06-24 11:32:22 EDT
This issue did NOT affect the versions of the systemtap package, as shipped
with Red Hat Enterprise Linux 4 and 5 as they do not provide support for
loading of user-space probing modules from user-specified locations yet.


This issue affects the version of the systemtap package, as shipped with
Red Hat Enterprise Linux 6.


This issue affects the versions of the systemtap package, as shipped with
Fedora release of 14 and 15.

Comment 3 Josh Stone 2011-06-25 01:23:40 EDT
Created attachment 509874
Don't allow path-based auth for uprobes

Comment 8 Vincent Danen 2011-07-25 17:44:40 EDT
Created systemtap tracking bugs for this issue

Affects: fedora-all [bug 725578]

Comment 9 errata-xmlrpc 2011-07-25 17:46:37 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1088 https://rhn.redhat.com/errata/RHSA-2011-1088.html