CVE-2010-4171 - OpenCVE

The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Systemtap	Systemtap

Configuration 1 [-]

cpe:2.3:a:systemtap:systemtap:1.3:*:*:*:*:*:*:*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html
http://secunia.com/advisories/42256	Vendor Advisory
http://secunia.com/advisories/42263	Vendor Advisory
http://secunia.com/advisories/42318	Vendor Advisory
http://secunia.com/advisories/46920
http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41228bea196cefa3a7d43ab67f8f9152e2
http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html
http://www.debian.org/security/2011/dsa-2348
http://www.redhat.com/support/errata/RHSA-2010-0894.html
http://www.securityfocus.com/bid/44917
http://www.securitytracker.com/id?1024754
https://bugzilla.redhat.com/show_bug.cgi?id=653606
https://exchange.xforce.ibmcloud.com/vulnerabilities/63345

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2010-12-07T21:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2010-11-04T00:00:00

Link: CVE-2010-4171

JSON object: View

NVD Information

Status : Modified

Published: 2010-12-07T22:00:02.517

Modified: 2023-02-13T04:28:10.237

Link: CVE-2010-4171

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-11-17T00:00:00", "descriptions": [{"lang": "en", "value": "The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[systemtap] 20101117 important systemtap security fix", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html"}, {"name": "FEDORA-2010-17873", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html"}, {"name": "42263", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42263"}, {"name": "FEDORA-2010-17865", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=653606"}, {"name": "systemtap-staprunmod-dos(63345)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63345"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41228bea196cefa3a7d43ab67f8f9152e2"}, {"name": "RHSA-2010:0894", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0894.html"}, {"name": "DSA-2348", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2348"}, {"name": "1024754", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024754"}, {"name": "46920", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46920"}, {"name": "42256", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42256"}, {"name": "42318", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42318"}, {"name": "44917", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44917"}, {"name": "FEDORA-2010-17868", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4171", "datePublished": "2010-12-07T21:00:00", "dateReserved": "2010-11-04T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemtap:systemtap:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3D031679-0C77-4645-B488-DA29BB81FA39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules)."}, {"lang": "es", "value": "La herramienta en tiempo de ejecuci\u00f3n staprun en SystemTap v1.3 no comprueba que un m\u00f3dulo que se descargue hubiera sido cargado previamente por SystemTap, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (mediante descarga de los m\u00f3dulos del kernel de su elecci\u00f3n).\r\n"}], "id": "CVE-2010-4171", "lastModified": "2023-02-13T04:28:10.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-12-07T22:00:02.517", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42256"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42263"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42318"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/46920"}, {"source": "secalert@redhat.com", "url": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41228bea196cefa3a7d43ab67f8f9152e2"}, {"source": "secalert@redhat.com", "url": "http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2348"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0894.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/44917"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1024754"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=653606"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63345"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}