Executive Summary
Summary | |
---|---|
Title | systemtap security update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0125 | First vendor Publication | 2010-03-01 |
Vendor | RedHat | Last vendor Modification | 2010-03-01 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 4.9 | Attack Range | Local |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: SystemTap is an instrumentation system for systems running the Linux kernel, version 2. |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0125.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21648 | |||
Oval ID: | oval:org.mitre.oval:def:21648 | ||
Title: | RHSA-2010:0124: systemtap security update (Important) | ||
Description: | Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0124-01 CESA-2010:0124 CVE-2009-4273 CVE-2010-0411 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | systemtap |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23073 | |||
Oval ID: | oval:org.mitre.oval:def:23073 | ||
Title: | ELSA-2010:0124: systemtap security update (Important) | ||
Description: | Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0124-01 CVE-2009-4273 CVE-2010-0411 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | systemtap |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28276 | |||
Oval ID: | oval:org.mitre.oval:def:28276 | ||
Title: | DEPRECATED: ELSA-2010-0124 -- systemtap security update (important) | ||
Description: | [0.9.7-5.3] - rhbz556564-2: CVE-2009-4273 cont'd aka CVE-2010-0412 - rhbz559719: CVE-2010-0411 - pr11286: stap-client --server operation [0.9.7-5.2] - rhbz556564: CVE-2009-4273 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0124 CVE-2009-4273 CVE-2010-0411 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | systemtap |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9675 | |||
Oval ID: | oval:org.mitre.oval:def:9675 | ||
Title: | Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. | ||
Description: | Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0411 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for systemtap CESA-2010:0124 centos5 i386 File : nvt/gb_CESA-2010_0124_systemtap_centos5_i386.nasl |
2010-03-05 | Name : CentOS Update for systemtap CESA-2010:0125 centos4 i386 File : nvt/gb_CESA-2010_0125_systemtap_centos4_i386.nasl |
2010-03-05 | Name : RedHat Update for systemtap RHSA-2010:0124-01 File : nvt/gb_RHSA-2010_0124-01_systemtap.nasl |
2010-03-05 | Name : RedHat Update for systemtap RHSA-2010:0125-01 File : nvt/gb_RHSA-2010_0125-01_systemtap.nasl |
2010-03-02 | Name : Fedora Update for systemtap FEDORA-2010-1373 File : nvt/gb_fedora_2010_1373_systemtap_fc11.nasl |
2010-03-02 | Name : Fedora Update for systemtap FEDORA-2010-1720 File : nvt/gb_fedora_2010_1720_systemtap_fc12.nasl |
2010-02-11 | Name : SystemTap Multiple Vulnerabilities File : nvt/gb_systemtap_mult_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62131 | SystemTap tapset/aux_syscall.stp Multiple Function Local Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0124.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0125.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100301_systemtap_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100301_systemtap_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_systemtap-100623.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1373.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1720.nasl - Type : ACT_GATHER_INFO |
2010-04-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_systemtap-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0124.nasl - Type : ACT_GATHER_INFO |
2010-03-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0125.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0124.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0125.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:17 |
|