Executive Summary
Summary | |
---|---|
Title | systemtap security update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0124 | First vendor Publication | 2010-03-01 |
Vendor | RedHat | Last vendor Modification | 2010-03-01 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: SystemTap is an instrumentation system for systems running the Linux kernel, version 2. |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0124.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11417 | |||
Oval ID: | oval:org.mitre.oval:def:11417 | ||
Title: | stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request. | ||
Description: | stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4273 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21648 | |||
Oval ID: | oval:org.mitre.oval:def:21648 | ||
Title: | RHSA-2010:0124: systemtap security update (Important) | ||
Description: | Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0124-01 CESA-2010:0124 CVE-2009-4273 CVE-2010-0411 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | systemtap |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23073 | |||
Oval ID: | oval:org.mitre.oval:def:23073 | ||
Title: | ELSA-2010:0124: systemtap security update (Important) | ||
Description: | Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0124-01 CVE-2009-4273 CVE-2010-0411 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | systemtap |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28276 | |||
Oval ID: | oval:org.mitre.oval:def:28276 | ||
Title: | DEPRECATED: ELSA-2010-0124 -- systemtap security update (important) | ||
Description: | [0.9.7-5.3] - rhbz556564-2: CVE-2009-4273 cont'd aka CVE-2010-0412 - rhbz559719: CVE-2010-0411 - pr11286: stap-client --server operation [0.9.7-5.2] - rhbz556564: CVE-2009-4273 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0124 CVE-2009-4273 CVE-2010-0411 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | systemtap |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9675 | |||
Oval ID: | oval:org.mitre.oval:def:9675 | ||
Title: | Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. | ||
Description: | Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0411 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for systemtap CESA-2010:0124 centos5 i386 File : nvt/gb_CESA-2010_0124_systemtap_centos5_i386.nasl |
2010-03-05 | Name : CentOS Update for systemtap CESA-2010:0125 centos4 i386 File : nvt/gb_CESA-2010_0125_systemtap_centos4_i386.nasl |
2010-03-05 | Name : RedHat Update for systemtap RHSA-2010:0124-01 File : nvt/gb_RHSA-2010_0124-01_systemtap.nasl |
2010-03-05 | Name : RedHat Update for systemtap RHSA-2010:0125-01 File : nvt/gb_RHSA-2010_0125-01_systemtap.nasl |
2010-03-02 | Name : Fedora Update for systemtap FEDORA-2010-0671 File : nvt/gb_fedora_2010_0671_systemtap_fc11.nasl |
2010-03-02 | Name : Fedora Update for systemtap FEDORA-2010-0688 File : nvt/gb_fedora_2010_0688_systemtap_fc12.nasl |
2010-03-02 | Name : Fedora Update for systemtap FEDORA-2010-1373 File : nvt/gb_fedora_2010_1373_systemtap_fc11.nasl |
2010-03-02 | Name : Fedora Update for systemtap FEDORA-2010-1720 File : nvt/gb_fedora_2010_1720_systemtap_fc12.nasl |
2010-02-11 | Name : SystemTap Multiple Vulnerabilities File : nvt/gb_systemtap_mult_vuln.nasl |
2010-02-02 | Name : SystemTap 'stap-server' Remote Shell Command Injection Vulnerability File : nvt/secpod_systemtap_shell_cmd_injection_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62131 | SystemTap tapset/aux_syscall.stp Multiple Function Local Overflow |
61806 | SystemTap stap-server Arbitrary Shell Command Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0124.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0125.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100301_systemtap_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100301_systemtap_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_systemtap-100623.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-0671.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-0688.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1373.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1720.nasl - Type : ACT_GATHER_INFO |
2010-04-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_systemtap-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0124.nasl - Type : ACT_GATHER_INFO |
2010-03-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0125.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0124.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0125.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:16 |
|