NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2009-q1

[SA34475] SystemTap Module Loading Race Condition Privilege Escalation

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Thu Mar 26 2009 - 20:10:05 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia
report for 2008.

Highlights from the 2008 report:
* Vulnerability Research
* Software Inspection Results
* Secunia Research Highlights
* Secunia Advisory Statistics

Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/

Stay Secure,

Secunia

----------------------------------------------------------------------

TITLE:
SystemTap Module Loading Race Condition Privilege Escalation

SECUNIA ADVISORY ID:
SA34475

VERIFY ADVISORY:
http://secunia.com/advisories/34475/

DESCRIPTION:
A security issue has been reported in SystemTap, which can be
exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to a race condition while checking
and loading certain kernel modules, which can be exploited by e.g.
symlinking to valid kernel modules during the time of check and
replacing it with a symlink to a malicious kernel module before it's
loaded.

Successful exploitation allows to e.g. gain "stapdev" group or "root"
privileges, but requires membership of the "stapusr" group and that
the "/lib/modules/$VERSION/systemtap" directory exists.

SOLUTION:
Fixed in the GIT repository.
http://sources.redhat.com/git/?p=systemtap.git;a=commit;h=b41a544e20a42413daa0323d2f149e9e34586ccf

PROVIDED AND/OR DISCOVERED BY:
Erik Sjoelund

ORIGINAL ADVISORY:
DSA-1755-1:
http://lists.debian.org/debian-security-announce/2009/msg00065.html

Red Hat Bug #489808:
https://bugzilla.redhat.com/show_bug.cgi?id=489808

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]