FKIE_CVE-2011-2503

Vulnerability from fkie_nvd - Published: 2012-07-26 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.
References
secalert@redhat.comhttp://secunia.com/advisories/45377Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/46920Vendor Advisory
secalert@redhat.comhttp://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=blob%3Bf=NEWS%3Bhb=304d73b1fea24af791f2a129fb141c5009eae6a8
secalert@redhat.comhttp://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commitdiff%3Bh=ed51cfa24ca27746ab09b59280b94117dd58cba3
secalert@redhat.comhttp://www.debian.org/security/2011/dsa-2348
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2503
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/45377Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46920Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=blob%3Bf=NEWS%3Bhb=304d73b1fea24af791f2a129fb141c5009eae6a8
af854a3a-2127-422b-91ae-364da2661108http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commitdiff%3Bh=ed51cfa24ca27746ab09b59280b94117dd58cba3
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2348
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2503
Impacted products
Vendor Product Version
systemtap systemtap *
systemtap systemtap 0.2.2
systemtap systemtap 0.3
systemtap systemtap 0.4
systemtap systemtap 0.5
systemtap systemtap 0.5.3
systemtap systemtap 0.5.4
systemtap systemtap 0.5.5
systemtap systemtap 0.5.7
systemtap systemtap 0.5.8
systemtap systemtap 0.5.9
systemtap systemtap 0.5.10
systemtap systemtap 0.5.12
systemtap systemtap 0.5.13
systemtap systemtap 0.5.14
systemtap systemtap 0.6
systemtap systemtap 0.6.2
systemtap systemtap 0.7
systemtap systemtap 0.7.2
systemtap systemtap 0.8
systemtap systemtap 0.9
systemtap systemtap 0.9.5
systemtap systemtap 0.9.7
systemtap systemtap 0.9.8
systemtap systemtap 0.9.9
systemtap systemtap 1.0
systemtap systemtap 1.1
systemtap systemtap 1.2
systemtap systemtap 1.3
systemtap systemtap 1.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44665B6E-F588-42BD-9901-268D4DD93BAF",
              "versionEndIncluding": "1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "04AE85B6-FE8D-4DD1-BECE-6B7146CF9D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E150AE05-60B4-4ECE-AEFA-3A230DAEBCA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FBF185-3189-40C2-B51B-2531F2D88602",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C62AFF32-856E-4EF9-A87F-C06B6FEEE31F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "57C746CB-8DFE-4795-931F-42050D7FBEB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "986B653D-5CF2-454C-A38F-172D2256E20C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5E8C63-D68F-4ACA-B0DC-1D9EF6A3BFA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD56E555-180D-45C3-9311-EFB32F480035",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "74215553-AB86-4184-B3AB-D82B20275ED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5044754F-66CD-4D17-8874-7303D9F2DCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC674046-FC4F-4262-8F71-4DEECAEC1A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A621722-6DD4-461D-AD74-461B9C10C772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B5B77E9-F98C-4310-8D6A-E41A27CD559A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E9824F-8977-4CE6-BA05-E8899E41066E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF58A998-52F0-4BCA-9FF7-FCCC28E6FCE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2327CA9-5A80-4C86-BAF6-A9E3BB7085C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6627D143-6E8D-40DE-BBD0-308FF1B200D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1AE49CA-424E-4328-A348-98F2C847D8FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19E88BF9-1403-40F9-A64E-A1FEFEFC4E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E12D5C4-4BC6-4802-B5CE-5D5A41FB3B71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FD4201A-64B5-4DCC-9696-BD0F8780D200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3FEDD7F-969D-422C-A899-9550EC52EBD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37EBCB6-8056-466C-B2AB-385DF48EEA8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D795EA7-04FC-4D0E-9944-6C9D4882A897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C36C437-D28D-452A-BAF0-4A618A61920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB898A5-C8EF-4BBA-B480-00461218FC3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D06D7E42-666F-43CE-8BE3-0EE915450CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D031679-0C77-4645-B488-DA29BB81FA39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:systemtap:systemtap:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5CA99B-6DED-4395-BFE0-C8DB7F504AF0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n insert_module en tiempo de ejecuci\u00f3n/staprun/staprun_funcs.c en la herramienta de tiempo de ejecuci\u00f3n systemtap (staprun) en SystemTap antes de v1.6 no valida correctamente un m\u00f3dulo cuando se carga, lo que permite a usuarios locales conseguir privilegios a trav\u00e9s de una condici\u00f3n de carrera entre la validaci\u00f3n de la firma y el m\u00f3dulo de inicializaci\u00f3n.\r\n"
    }
  ],
  "id": "CVE-2011-2503",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-26T19:55:00.793",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45377"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46920"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=blob%3Bf=NEWS%3Bhb=304d73b1fea24af791f2a129fb141c5009eae6a8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commitdiff%3Bh=ed51cfa24ca27746ab09b59280b94117dd58cba3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2348"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2503"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=blob%3Bf=NEWS%3Bhb=304d73b1fea24af791f2a129fb141c5009eae6a8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commitdiff%3Bh=ed51cfa24ca27746ab09b59280b94117dd58cba3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2503"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.