Debian Security Advisory DSA 2348-1 (systemtap) Network Vulnerability

Summary

The remote host is missing an update to systemtap announced via advisory DSA 2348-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202348-1

Insight

Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux: CVE-2011-2503 It was discovered that a race condition in staprun could lead to privilege escalation. CVE-2010-4170 It was discovered that insufficient validation of environment variables in staprun could lead to privilege escalation. CVE-2010-4171 It was discovered that insufficient validation of module unloading could lead to denial of service. For the stable distribution (squeeze), this problem has been fixed in version 1.2-5+squeeze1. For the unstable distribution (sid), this problem has been fixed in version 1.6-1. We recommend that you upgrade your systemtap packages.

Severity

Classification

CVE CVE-2010-4170, CVE-2010-4171, CVE-2011-2503

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 100-1 (gzip)
Debian Security Advisory DSA 089-1 (icecast-server)
Debian Security Advisory DSA 040-1 (slrn)
Debian Security Advisory DSA 1005-1 (xine-lib)
Debian Security Advisory DSA 070-1 (netkit-telnet)

Take action and discover your vulnerabilities