Privilege escalation vulnerability in SystemTap runtime tool (staprun) allows local users to gain elevated privileges

Privilege escalation vulnerability in SystemTap runtime tool (staprun) allows local users to gain elevated privileges

CVE-2011-2502 · MEDIUM Severity

AV:L/AC:M/AU:N/C:P/I:P/A:P

runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument.

Learn more about our User Device Pen Test.