CVE-2010-4170

EPSS 24.1%

systemtap - several

Published: 12/7/2010Modified: 4/28/2026

Description

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.

Affected packages (2)

Debian/systemtapfrom 0, < 1.2-3
Debian/systemtapfrom 0, < 1.2-5+squeeze1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-4170