It was found that systemtap runtime tool (staprun) did not handle the loading of user specified modules securely. A local attacker could use this flaw to escalate their privileges. References: [1] http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html Upstream changeset: [2] http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2 Acknowledgements: Red Hat would like to thank Tavis Ormandy for reporting this issue.
This issue affects the versions of the systemtap package, as shipped with Red Hat Enterprise Linux 4, 5 and 6. -- This issue affects the versions of the systemtap package, as shipped with Fedora release of 12 and 13.
The CVE identifier of CVE-2010-4170 has been assigned to this issue.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2010:0894 https://rhn.redhat.com/errata/RHSA-2010-0894.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0895 https://rhn.redhat.com/errata/RHSA-2010-0895.html
Created systemtap tracking bugs for this issue Affects: fedora-all [bug 654318]