Bug 702914 (CVE-2011-2502) - VUL-0: CVE-2011-2502: systemtap allows to load untrusted modules
Summary: VUL-0: CVE-2011-2502: systemtap allows to load untrusted modules
Status: RESOLVED INVALID
Alias: CVE-2011-2502
Product: SUSE Security Incidents
Classification: Novell Products
Component: General (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Tony Jones
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-29 11:51 UTC by Ludwig Nussel
Modified: 2021-08-11 09:33 UTC (History)
2 users (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ludwig Nussel 2011-06-29 11:51:12 UTC 
Your friendly security team received the following report via vendor-sec.
Please respond ASAP.
This issue is not public yet, please keep any information about it inside SUSE.
Note that build.opensuse.org *cannot* be used to prepare embargoed updates.

CVE-2011-2502

It was found that systemtap runtime tool (staprun) did not properly enforce
the module's path sanity check, when the ad-hoc module instrumentation via
user-space probing with user-specified module path was requested. A local
user, member of the 'stapusr' group could use this flaw to escalate their
privileges.
Comment 1 Ludwig Nussel 2011-06-29 11:59:04 UTC 
CRD 7.7.

We are not affected as staprun is not setuid root
Comment 2 Tony Jones 2011-06-29 17:01:54 UTC 
(In reply to comment #1)
> CRD 7.7.
> 
> We are not affected as staprun is not setuid root

And I'm glad noone has ever requested we make it suid.
Comment 3 Ludwig Nussel 2011-07-04 13:04:25 UTC 
closing invalid