CWE-94 - Failure to Control Generation of Code ('Code Injection')

oval:org.mitre.oval:def:11417, stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.

oval:org.mitre.oval:def:11414, The operating system installed on the system is Red Hat Enterprise Linux 5

• Application : Systemtap Systemtap (25)
  • cpe:/a:systemtap:systemtap:0.2.2
  • cpe:/a:systemtap:systemtap:0.3
  • cpe:/a:systemtap:systemtap:0.4
  • cpe:/a:systemtap:systemtap:0.5
  • cpe:/a:systemtap:systemtap:0.5.10
  • cpe:/a:systemtap:systemtap:0.5.12
  • cpe:/a:systemtap:systemtap:0.5.13
  • cpe:/a:systemtap:systemtap:0.5.14
  • cpe:/a:systemtap:systemtap:0.5.3
  • cpe:/a:systemtap:systemtap:0.5.4
  • cpe:/a:systemtap:systemtap:0.5.5
  • cpe:/a:systemtap:systemtap:0.5.7
  • cpe:/a:systemtap:systemtap:0.5.8
  • cpe:/a:systemtap:systemtap:0.5.9
  • cpe:/a:systemtap:systemtap:0.6
  • cpe:/a:systemtap:systemtap:0.6.2
  • cpe:/a:systemtap:systemtap:0.7
  • cpe:/a:systemtap:systemtap:0.7.2
  • cpe:/a:systemtap:systemtap:0.8
  • cpe:/a:systemtap:systemtap:0.9
  • cpe:/a:systemtap:systemtap:0.9.5
  • cpe:/a:systemtap:systemtap:0.9.7
  • cpe:/a:systemtap:systemtap:0.9.8
  • cpe:/a:systemtap:systemtap:0.9.9
  • cpe:/a:systemtap:systemtap:1.0

61806 : SystemTap stap-server Arbitrary Shell Command Execution.

Source : CONFIRM Url : http://sourceware.org/bugzilla/show_bug.cgi?id=11105 Url : http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz Url : https://bugzilla.redhat.com/show_bug.cgi?id=550172 Source : FEDORA Url : http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html Url : http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html Url : http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html Url : http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html Source : MLIST Url : http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html Url : http://sourceware.org/ml/systemtap/2010-q1/msg00142.html Source : REDHAT Url : http://www.redhat.com/support/errata/RHSA-2010-0124.html Source : SECUNIA Url : http://secunia.com/advisories/38154 Url : http://secunia.com/advisories/38216 Url : http://secunia.com/advisories/38765 Url : http://secunia.com/advisories/39656 Source : SUSE Url : http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html Source : VUPEN Url : http://www.vupen.com/english/advisories/2010/0169 Url : http://www.vupen.com/english/advisories/2010/1001