CVE-2010-4170

EPSS 24.1%

systemtap - several

發布日:2010/12/7修改日:2026/4/28

描述

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.

受影響套件(2)

Debian/systemtapfrom 0, < 1.2-3
Debian/systemtapfrom 0, < 1.2-5+squeeze1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-4170