Bug 716476 (CVE-2011-2502)
Summary: | CVE-2011-2502 systemtap: insufficient security check when loading uprobes kernel module | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | unspecified | CC: | dsmith, fche, jistone, mjw, scox, security-response-team, vdanen | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | systemtap 1.6 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2012-02-03 20:44:45 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 717594, 717596, 725578 | ||||||
Bug Blocks: | 716497 | ||||||
Attachments: |
|
Description
Jan Lieskovsky
2011-06-24 15:26:45 UTC
This issue did NOT affect the versions of the systemtap package, as shipped with Red Hat Enterprise Linux 4 and 5 as they do not provide support for loading of user-space probing modules from user-specified locations yet. -- This issue affects the version of the systemtap package, as shipped with Red Hat Enterprise Linux 6. -- This issue affects the versions of the systemtap package, as shipped with Fedora release of 14 and 15. Created attachment 509874 [details]
Don't allow path-based auth for uprobes
Created systemtap tracking bugs for this issue Affects: fedora-all [bug 725578] This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:1088 https://rhn.redhat.com/errata/RHSA-2011-1088.html |