module
SystemTap MODPROBE_OPTIONS Privilege Escalation
| Disclosed |
|---|
| Nov 17, 2010 |
Disclosed
Nov 17, 2010
Description
This module attempts to gain root privileges by exploiting a
vulnerability in the `staprun` executable included with SystemTap
version 1.3.
The `staprun` executable does not clear environment variables prior to
executing `modprobe`, allowing an arbitrary configuration file to be
specified in the `MODPROBE_OPTIONS` environment variable, resulting
in arbitrary command execution with root privileges.
This module has been tested successfully on:
systemtap 1.2-1.fc13-i686 on Fedora 13 (i686); and
systemtap 1.1-3.el5 on RHEL 5.5 (x64).
vulnerability in the `staprun` executable included with SystemTap
version 1.3.
The `staprun` executable does not clear environment variables prior to
executing `modprobe`, allowing an arbitrary configuration file to be
specified in the `MODPROBE_OPTIONS` environment variable, resulting
in arbitrary command execution with root privileges.
This module has been tested successfully on:
systemtap 1.2-1.fc13-i686 on Fedora 13 (i686); and
systemtap 1.1-3.el5 on RHEL 5.5 (x64).
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.