Secunia Security Advisory - A security issue has been reported in SystemTap, which can be exploited by malicious, local users to gain escalated privileges.
8569322a3da3b399544cc970c1993cfdc0bbfb436a06619f1b6043402be1f1e4
----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia
report for 2008.
Highlights from the 2008 report:
* Vulnerability Research
* Software Inspection Results
* Secunia Research Highlights
* Secunia Advisory Statistics
Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/
Stay Secure,
Secunia
----------------------------------------------------------------------
TITLE:
SystemTap Module Loading Race Condition Privilege Escalation
SECUNIA ADVISORY ID:
SA34475
VERIFY ADVISORY:
http://secunia.com/advisories/34475/
DESCRIPTION:
A security issue has been reported in SystemTap, which can be
exploited by malicious, local users to gain escalated privileges.
The security issue is caused due to a race condition while checking
and loading certain kernel modules, which can be exploited by e.g.
symlinking to valid kernel modules during the time of check and
replacing it with a symlink to a malicious kernel module before it's
loaded.
Successful exploitation allows to e.g. gain "stapdev" group or "root"
privileges, but requires membership of the "stapusr" group and that
the "/lib/modules/$VERSION/systemtap" directory exists.
SOLUTION:
Fixed in the GIT repository.
http://sources.redhat.com/git/?p=systemtap.git;a=commit;h=b41a544e20a42413daa0323d2f149e9e34586ccf
PROVIDED AND/OR DISCOVERED BY:
Erik Sjoelund
ORIGINAL ADVISORY:
DSA-1755-1:
http://lists.debian.org/debian-security-announce/2009/msg00065.html
Red Hat Bug #489808:
https://bugzilla.redhat.com/show_bug.cgi?id=489808
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------