Moderate: systemtap security update
| Advisory: | RHSA-2010:0895-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Moderate |
| Issued on: | 2010-11-17 |
| Last updated on: | 2010-11-17 |
| Affected Products: | Red Hat Desktop (v. 4), Red Hat Enterprise Linux AS (v. 4), Red Hat Enterprise Linux AS (v. 4.8.z), Red Hat Enterprise Linux ES (v. 4), Red Hat Enterprise Linux ES (v. 4.8.z), Red Hat Enterprise Linux WS (v. 4) |
| CVEs (cve.mitre.org): | CVE-2010-4170 |
Details
Updated systemtap packages that fix one security issue are now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on the
operation of the system. staprun, the SystemTap runtime tool, is used for
managing SystemTap kernel modules (for example, loading them).

It was discovered that staprun did not properly sanitize the environment
before executing the modprobe command to load an additional kernel module.
A local, unprivileged user could use this flaw to escalate their
privileges. (CVE-2010-4170)

Note: On Red Hat Enterprise Linux 4, an attacker must be a member of the
stapusr group to exploit this issue. Also note that, after installing this
update, users already in the stapdev group must be added to the stapusr
group in order to be able to run the staprun tool.

Red Hat would like to thank Tavis Ormandy for reporting this issue.

SystemTap users should upgrade to these updated packages, which contain
a backported patch to correct this issue.
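
The hardening pattern behind this class of flaw, a privileged tool building a clean environment before it executes a helper such as modprobe, shown as an added example; it is not staprun's code or the backported patch. The allowlist, the fixed PATH value and the names `sanitize_env` and `run_helper` are assumptions made for illustration, and the sample environment is constructed.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed allowlist: the only caller variables the helper may inherit. */
static const char *const ENV_ALLOW[] = { "LANG", "LC_ALL", "TERM", NULL };

/* Fill out[] with a fixed PATH plus allowlisted entries of in[]; returns count. */
size_t sanitize_env(char *const in[], const char *out[], size_t max)
{
    size_t n = 0;
    if (max < 2) return 0;                      /* need room for PATH and NULL */
    out[n++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; /* never the caller's PATH */
    for (size_t i = 0; in && in[i] && n + 1 < max; i++) {
        const char *eq = strchr(in[i], '=');
        if (!eq) continue;                      /* malformed entry: drop it */
        size_t len = (size_t)(eq - in[i]);
        for (size_t a = 0; ENV_ALLOW[a]; a++)
            if (strlen(ENV_ALLOW[a]) == len && !strncmp(in[i], ENV_ALLOW[a], len)) {
                out[n++] = in[i];               /* exact name match only */
                break;
            }
    }
    out[n] = NULL;
    return n;
}

/* Run a helper by absolute path with only the sanitized environment. */
int run_helper(const char *path, char *const argv[], char *const env_in[])
{
    const char *envp[16];
    sanitize_env(env_in, envp, 16);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(path, argv, (char *const *)envp); /* no PATH search, no inherited env */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed caller environment; UNTRUSTED_VAR stands in for any hostile setting. */
    char *env_in[] = { "PATH=/tmp/untrusted", "LANG=C", "UNTRUSTED_VAR=1", NULL };
    char *argv[] = { "sh", "-c", "echo \"PATH=$PATH UNTRUSTED_VAR=${UNTRUSTED_VAR:-unset}\"", NULL };
    return run_helper("/bin/sh", argv, env_in);
}
```

An allowlist is used rather than a denylist so that variables the author did not anticipate are dropped by default.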
Solution
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Updated packages
| Package | Status |
|---|---|
| Red Hat Desktop (v. 4) | |
| SRPMS: | |
| systemtap-0.6.2-2.el4_8.3.src.rpm | File outdated by: RHBA-2011:0929 |
| IA-32: | |
| systemtap-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| x86_64: | |
| systemtap-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| Red Hat Enterprise Linux AS (v. 4) | |
| SRPMS: | |
| systemtap-0.6.2-2.el4_8.3.src.rpm | File outdated by: RHBA-2011:0929 |
| IA-32: | |
| systemtap-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| IA-64: | |
| systemtap-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| PPC: | |
| systemtap-0.6.2-2.el4_8.3.ppc64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.ppc64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.ppc64.rpm | File outdated by: RHBA-2011:0929 |
| x86_64: | |
| systemtap-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| Red Hat Enterprise Linux AS (v. 4.8.z) | |
| SRPMS: | |
| systemtap-0.6.2-2.el4_8.3.src.rpm | File outdated by: RHBA-2011:0929 |
| IA-32: | |
| systemtap-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| IA-64: | |
| systemtap-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| PPC: | |
| systemtap-0.6.2-2.el4_8.3.ppc64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.ppc64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.ppc64.rpm | File outdated by: RHBA-2011:0929 |
| x86_64: | |
| systemtap-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| Red Hat Enterprise Linux ES (v. 4) | |
| SRPMS: | |
| systemtap-0.6.2-2.el4_8.3.src.rpm | File outdated by: RHBA-2011:0929 |
| IA-32: | |
| systemtap-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| IA-64: | |
| systemtap-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| x86_64: | |
| systemtap-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| Red Hat Enterprise Linux ES (v. 4.8.z) | |
| SRPMS: | |
| systemtap-0.6.2-2.el4_8.3.src.rpm | File outdated by: RHBA-2011:0929 |
| IA-32: | |
| systemtap-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| IA-64: | |
| systemtap-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| x86_64: | |
| systemtap-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| Red Hat Enterprise Linux WS (v. 4) | |
| SRPMS: | |
| systemtap-0.6.2-2.el4_8.3.src.rpm | File outdated by: RHBA-2011:0929 |
| IA-32: | |
| systemtap-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.i386.rpm | File outdated by: RHBA-2011:0929 |
| IA-64: | |
| systemtap-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.ia64.rpm | File outdated by: RHBA-2011:0929 |
| x86_64: | |
| systemtap-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-runtime-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| systemtap-testsuite-0.6.2-2.el4_8.3.x86_64.rpm | File outdated by: RHBA-2011:0929 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
653604 - CVE-2010-4170 Systemtap: Insecure loading of modules
References
https://access.redhat.com/security/updates/classification/#moderate
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/