CVE-2010-4170
Systemtap - Access Control
Title source: ruleDescription
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
Exploits (3)
metasploit
WORKING POC
EXCELLENT
by Tavis Ormandy, bcoles · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/systemtap_modprobe_options_priv_esc.rb
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocallinux
https://www.exploit-db.com/exploits/46730
exploitdb
WORKING POC
VERIFIED
by Tavis Ormandy · bashlocallinux
https://www.exploit-db.com/exploits/15620
References (19)
Scores
EPSS
0.2408
EPSS Percentile
96.0%
Classification
CWE
CWE-264
Status
draft
Affected Products (1)
systemtap/systemtap
Timeline
Published
Dec 07, 2010
Tracked Since
Feb 18, 2026