View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2010-4170 severity important: SUSE including 4 source package names (systemtap, systemtap-runtime, systemtap-sdt-devel, systemtap-server), 15 product×package rows across 8 product lines (SUSE Linux Enterprise Server 11 SP1 for Teradata, SUSE Linux Enterprise Server 11 SP3 LTSS, … (8 product lines)): Known Not Affected 15.
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.