Synopsis: Moderate: systemtap security update Issue date: 2010-11-17 CVE Names: CVE-2010-4170 It was discovered that staprun did not properly sanitize the environment before executing the modprobe command to load an additional kernel module. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-4170) Note: On Scientific Linux 4, an attacker must be a member of the stapusr group to exploit this issue. Also note that, after installing this update, users already in the stapdev group must be added to the stapusr group in order to be able to run the staprun tool SL 4.x SRPMS: systemtap-0.6.2-2.el4_8.3.src.rpm i386: systemtap-0.6.2-2.el4_8.3.i386.rpm systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm systemtap-testsuite-0.6.2-2.el4_8.3.i386.rpm x86_64: systemtap-0.6.2-2.el4_8.3.x86_64.rpm systemtap-runtime-0.6.2-2.el4_8.3.x86_64.rpm systemtap-testsuite-0.6.2-2.el4_8.3.x86_64.rpm -Connie Sieh -Troy Dawson