
List:       oss-security
Subject:    Re: [oss-security] Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503
From:       Huzaifa Sidhpurwala <huzaifas () redhat ! com>
Date:       2011-07-28 10:26:07
Message-ID: 4E31366F.4010704 () redhat ! com

On 07/28/2011 03:34 PM, Tavis Ormandy wrote:

> Interesting, I also looked at systemtap and found a local root
> (CVE-2010-4170), but was under the impression we had agreed it should be
> restricted to a privileged group?
> 
> https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/systemtap-2010-11-18
> 
> I stopped looking because I concluded that had eliminated any security risk,
> is that no longer the case?
> 
I believe this does reduce the risk, but does not totally eliminate it.



-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team