Vulnerability CVE-2011-2503

Vulnerability Name:

CVE-2011-2503 (CCN-68783)

Assigned:

2011-07-25

Published:

2011-07-25

Updated:

2012-07-27

Summary:

The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.

CVSS v3 Severity:

4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

3.7 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
2.7 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.0 Medium (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
4.5 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2011-2503

Source: CCN
Type: RHSA-2011-1088
Moderate: systemtap security update

Source: CCN
Type: RHSA-2011-1089
Moderate: systemtap security update

Source: CCN
Type: SA45377
SystemTap "staprun" Privilege Escalation Security Issues

Source: SECUNIA
Type: Vendor Advisory
45377

Source: SECUNIA
Type: Vendor Advisory
46920

Source: CONFIRM
Type: UNKNOWN
http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=blob;f=NEWS;hb=304d73b1fea24af791f2a129fb141c5009eae6a8

Source: CONFIRM
Type: Exploit, Patch
http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commitdiff;h=ed51cfa24ca27746ab09b59280b94117dd58cba3

Source: CCN
Type: SystemTap Web page
SystemTap

Source: DEBIAN
Type: UNKNOWN
DSA-2348

Source: DEBIAN
Type: DSA-2348
systemtap -- several vulnerabilities

Source: CCN
Type: OSVDB ID: 74148
SystemTap staprun Race Condition Module Loading Local Privilege Escalation

Source: CCN
Type: BID-48886
SystemTap Multiple Local Privilege Escalation Vulnerabilities

Source: CCN
Type: Red Hat Bugzilla Bug 716489
(CVE-2011-2503) CVE-2011-2503 systemtap: signed module loading race condition

Source: MISC
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2503

Source: XF
Type: UNKNOWN
systemtap-staprun-privilege-escalation(68783)

Vulnerable Configuration:

Configuration 1:

cpe:/a:systemtap:systemtap:0.2.2:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.3:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.4:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.5:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.5.3:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.5.4:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.5.5:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.5.7:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.5.8:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.5.9:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.5.10:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.5.12:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.5.13:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.5.14:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.6:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.6.2:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.7:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.7.2:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.8:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.9:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.9.5:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.9.7:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.9.8:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:0.9.9:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:1.0:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:1.1:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:1.2:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:1.3:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:1.4:*:*:*:*:*:*:*

OR cpe:/a:systemtap:systemtap:*:*:*:*:*:*:*:* (Version <= 1.5)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:15202	P	DSA-2348-1 systemtap -- several	2014-06-23
oval:org.mitre.oval:def:23376	P	ELSA-2011:1088: systemtap security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:23350	P	ELSA-2011:1089: systemtap security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:21608	P	RHSA-2011:1088: systemtap security update (Moderate)	2014-02-24
oval:org.mitre.oval:def:22019	P	RHSA-2011:1089: systemtap security update (Moderate)	2014-02-24
oval:com.ubuntu.precise:def:20112503000	V	CVE-2011-2503 on Ubuntu 12.04 LTS (precise) - medium.	2012-07-26
oval:com.redhat.rhsa:def:20111088	P	RHSA-2011:1088: systemtap security update (Moderate)	2011-07-25
oval:com.redhat.rhsa:def:20111089	P	RHSA-2011:1089: systemtap security update (Moderate)	2011-07-25

BACK