The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Systemtap | Systemtap | 1.3 (including) | 1.3 (including) |