MidnightBSD

Advisories for systemtap

CVE-2009-4273 HIGH

stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94

Products Affected

Vendor Product Version
systemtap systemtap 0.5.8
systemtap systemtap 0.9.9
systemtap systemtap 0.9.5
systemtap systemtap 0.5.14
systemtap systemtap *
systemtap systemtap 0.4
systemtap systemtap 0.7.2
systemtap systemtap 0.5
systemtap systemtap 0.9
systemtap systemtap 0.5.13
systemtap systemtap 0.5.4
systemtap systemtap 0.6.2
systemtap systemtap 0.7
systemtap systemtap 0.2.2
systemtap systemtap 0.5.10
systemtap systemtap 0.5.7
systemtap systemtap 0.6
systemtap systemtap 0.5.9
systemtap systemtap 0.9.7
systemtap systemtap 0.5.3
systemtap systemtap 0.5.12
systemtap systemtap 0.9.8
systemtap systemtap 0.5.5
systemtap systemtap 0.8
systemtap systemtap 0.3
CVE-2010-0411 MEDIUM

Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189

Products Affected

Vendor Product Version
systemtap systemtap 1.1
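
The signedness error class behind CVE-2010-0411, shown as an added example in C (illustrative code, not the tapset's own __get_argv or __get_compat_argv): a signed length that is checked only against an upper bound lets a negative value through, while the fixed forms refuse negatives, compute in size_t, and truncate instead of trusting a caller-supplied count. Rendering argv into a fixed buffer is the job those helpers perform, which is why a process with a very long argument list is the trigger. Buffer sizes and the function names (accepts_len_signed, accepts_len_fixed, copy_arg_bounded, join_args_bounded) are this example's assumptions.

```c
#include <stddef.h>
#include <string.h>

#define ARGBUF 64   /* fixed-size destination, as a tapset string would be */

/* Vulnerable pattern (illustrative, not the tapset's code): a length that
 * originates in user-controlled process data is held in a signed int and
 * compared only against the upper bound. -1 passes, then becomes SIZE_MAX
 * when a copy routine converts it to size_t. The unsafe copy itself is not
 * performed here; the function only reports the decision. */
int accepts_len_signed(int len) {
    return len < ARGBUF;               /* -1 < 64 is true */
}

/* Fixed pattern: refuse negatives explicitly and compare in size_t. */
int accepts_len_fixed(long len) {
    if (len < 0) return 0;
    return (size_t)len < ARGBUF;
}

/* Copy one argument into a fixed buffer, truncating instead of trusting the
 * caller's length. Returns bytes written (without the NUL) or -1 on bad input. */
int copy_arg_bounded(char *dst, size_t dstsz, const char *src, long len) {
    if (dst == NULL || src == NULL || dstsz == 0 || len < 0) return -1;
    size_t n = (size_t)len;
    if (n > dstsz - 1) n = dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

/* Render argv as one space-separated string. Every size is size_t, argc is
 * range-checked, and the loop stops as soon as the next argument would not
 * fit, so an arbitrarily long argument list cannot run past the buffer.
 * Returns the length produced, or -1 on bad input. */
int join_args_bounded(char *dst, size_t dstsz, const char *const *argv, long argc) {
    if (dst == NULL || argv == NULL || dstsz == 0 || argc < 0) return -1;
    size_t used = 0;
    dst[0] = '\0';
    for (long i = 0; i < argc; i++) {
        if (argv[i] == NULL) break;
        size_t l = strlen(argv[i]);
        size_t need = l + (i > 0 ? 1 : 0);        /* separator + text */
        if (need > dstsz - 1 - used) break;       /* subtract, never add: no wraparound */
        if (i > 0) dst[used++] = ' ';
        memcpy(dst + used, argv[i], l);
        used += l;
        dst[used] = '\0';
    }
    return (int)used;
}
```

The point of the two `accepts_len_*` functions is the comparison alone: `-1 < 64` is true in signed arithmetic, so a single-sided check is not a bounds check at all.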
CVE-2010-0412 HIGH

stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
systemtap systemtap 1.1
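
Both stap-server issues on this page (CVE-2009-4273, shell metacharacters in request arguments; CVE-2010-0412, an unrestricted -B value passed through to make) come down to forwarding client-supplied arguments to a command without a policy. The following is an added C example, not the project's code: every argument is checked against a small allowlist of options, -p must carry a pass number, script names are restricted to a safe character set, and the result is an argv array for execv(), so no shell ever re-parses the request. The allowlist, the stap path and the function names are assumptions for the example.

```c
#include <stddef.h>
#include <string.h>

/* Options a server accepts from a client. An assumed policy for this
 * example, not the project's list. Any other argument beginning with '-'
 * is refused, which also covers -g (guru mode) and -B (VAR=VALUE handed to
 * make). */
static const char *const ALLOWED_OPTS[] = { "-v", "-p", "-t", "-w" };
#define N_ALLOWED (sizeof ALLOWED_OPTS / sizeof ALLOWED_OPTS[0])

static int is_allowed_opt(const char *a) {
    for (size_t i = 0; i < N_ALLOWED; i++)
        if (strcmp(a, ALLOWED_OPTS[i]) == 0) return 1;
    return 0;
}

/* A script name must be a bare file name in the request directory:
 * [A-Za-z0-9._-] only, not starting with '-' or '.', no '/'. This also
 * excludes every shell metacharacter, whitespace and quote. */
static int is_clean_filename(const char *a) {
    if (a == NULL || *a == '\0' || *a == '-' || *a == '.') return 0;
    for (const char *p = a; *p; p++) {
        char c = *p;
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        if (!ok) return 0;
    }
    return 1;
}

/* Validate a request's argument vector. Returns 0 if every argument is
 * acceptable, otherwise the 1-based index of the first offending one. */
int validate_request_args(const char *const *args, size_t n) {
    for (size_t i = 0; i < n; i++) {
        const char *a = args[i];
        if (a == NULL || *a == '\0') return (int)i + 1;
        if (a[0] == '-') {
            if (!is_allowed_opt(a)) return (int)i + 1;
            if (strcmp(a, "-p") == 0) {           /* -p takes a pass number 1..5 */
                if (i + 1 >= n) return (int)i + 1;
                const char *v = args[++i];
                if (v == NULL || strlen(v) != 1 || v[0] < '1' || v[0] > '5')
                    return (int)i + 1;
            }
        } else if (!is_clean_filename(a)) {
            return (int)i + 1;
        }
    }
    return 0;
}

/* Build {"stap", args..., NULL} for execv(). Returns the number of entries
 * before the NULL, or -1 if validation fails or 'cap' is too small. Each
 * element reaches stap as exactly one argument; no shell re-parses it. */
int build_stap_argv(const char *const *args, size_t n,
                    const char **argv, size_t cap) {
    if (validate_request_args(args, n) != 0) return -1;
    if (n + 2 > cap) return -1;
    argv[0] = "stap";
    for (size_t i = 0; i < n; i++) argv[i + 1] = args[i];
    argv[n + 1] = NULL;
    return (int)(n + 1);
}
/* In the server's forked child (the path is an assumption):
 *     execv("/usr/bin/stap", (char *const *)argv);
 * and never system("stap " + joined_request_string). */
```

Refusing unknown options is what closes the -B hole: an option that reaches the build system is rejected by default rather than trying to sanitise the variable assignment it carries.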
CVE-2010-4170 HIGH

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264

Products Affected

Vendor Product Version
systemtap systemtap 1.3
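
Clearing the environment before a setuid helper executes another program, as an added C example (not staprun's own code). build_clean_env() keeps only an allowlisted set of variables and pins PATH, so MODPROBE_OPTIONS and LD_PRELOAD from the caller never reach modprobe; run_modprobe_clean() then uses execve(), which takes the environment explicitly. The allowlist, the fixed PATH, the modprobe location and the module-name rule are this example's assumptions.

```c
#include <stddef.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* The environment handed to modprobe is built from scratch: PATH is pinned
 * and only these names may be inherited. MODPROBE_OPTIONS, LD_PRELOAD and
 * anything else the unprivileged caller set is dropped. Both lists are
 * assumptions for this example. */
static const char FIXED_PATH[] = "PATH=/sbin:/usr/sbin:/bin:/usr/bin";
static const char *const KEEP_VARS[] = { "TERM", "LANG" };
#define N_KEEP (sizeof KEEP_VARS / sizeof KEEP_VARS[0])

/* Does the "NAME=value" entry carry exactly this name? */
static int env_has_name(const char *entry, const char *name) {
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Fill 'out' (capacity 'cap', NULL-terminated) with the sanitised
 * environment. Returns the number of entries or -1 if 'cap' is too small. */
int build_clean_env(const char *const *inherited, const char **out, size_t cap) {
    if (cap < 2) return -1;
    size_t count = 0;
    out[count++] = FIXED_PATH;
    for (size_t i = 0; inherited != NULL && inherited[i] != NULL; i++) {
        for (size_t k = 0; k < N_KEEP; k++) {
            if (env_has_name(inherited[i], KEEP_VARS[k])) {
                if (count + 1 >= cap) return -1;   /* keep room for the NULL */
                out[count++] = inherited[i];
            }
        }
    }
    out[count] = NULL;
    return (int)count;
}

/* Is a variable of this name present in an envp? */
int env_contains(const char *const *envp, const char *name) {
    for (size_t i = 0; envp != NULL && envp[i] != NULL; i++)
        if (env_has_name(envp[i], name)) return 1;
    return 0;
}

/* A module name may not start with '-' (modprobe would read it as an
 * option) and is limited to [A-Za-z0-9_-]; the length bound is arbitrary. */
int is_safe_module_name(const char *m) {
    if (m == NULL || *m == '\0' || *m == '-' || strlen(m) > 64) return 0;
    for (; *m; m++) {
        char c = *m;
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* Run "modprobe <module>" with the sanitised environment and return its
 * exit status (-1 on failure). execve() takes envp explicitly; execv() or
 * system() would silently pass on whatever the caller exported. */
int run_modprobe_clean(const char *module, const char *const *inherited) {
    const char *envp[16];
    if (!is_safe_module_name(module) || build_clean_env(inherited, envp, 16) < 0)
        return -1;
    const char *argv[] = { "modprobe", module, NULL };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve("/sbin/modprobe", (char *const *)argv, (char *const *)envp);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Allowlisting beats blocklisting here: removing MODPROBE_OPTIONS alone would still leave the loader-controlled variables (LD_PRELOAD, LD_LIBRARY_PATH) and any future modprobe knob in place.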
CVE-2010-4171 LOW

The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).

CVSS 2.0

Severity: LOW

Problem Type: CWE-20

Products Affected

Vendor Product Version
systemtap systemtap 1.3
CVE-2011-1769 LOW

SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access.

CVSS 2.0

Severity: LOW

Problem Type: CWE-189

Products Affected

Vendor Product Version
systemtap systemtap 1.3
systemtap systemtap 0.5.8
systemtap systemtap 0.9.9
systemtap systemtap 0.9.5
systemtap systemtap 0.5.14
systemtap systemtap *
systemtap systemtap 0.4
systemtap systemtap 0.7.2
systemtap systemtap 1.1
systemtap systemtap 0.5
systemtap systemtap 0.9
systemtap systemtap 0.5.13
systemtap systemtap 0.5.4
systemtap systemtap 0.6.2
systemtap systemtap 0.7
systemtap systemtap 1.2
systemtap systemtap 0.2.2
systemtap systemtap 0.5.10
systemtap systemtap 0.5.7
systemtap systemtap 0.6
systemtap systemtap 0.5.9
systemtap systemtap 0.9.7
systemtap systemtap 0.5.3
systemtap systemtap 1.0
systemtap systemtap 0.5.12
systemtap systemtap 0.9.8
systemtap systemtap 0.5.5
systemtap systemtap 0.8
systemtap systemtap 0.3
CVE-2011-1781 LOW

SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing).

CVSS 2.0

Severity: LOW

Problem Type: CWE-189

Products Affected

Vendor Product Version
systemtap systemtap 1.4
CVE-2011-2502 MEDIUM

runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
systemtap systemtap 1.3
systemtap systemtap 0.5.8
systemtap systemtap 0.9.9
systemtap systemtap 0.9.5
systemtap systemtap 0.5.14
systemtap systemtap *
systemtap systemtap 0.4
systemtap systemtap 0.7.2
systemtap systemtap 1.1
systemtap systemtap 0.5
systemtap systemtap 0.9
systemtap systemtap 0.5.13
systemtap systemtap 0.5.4
systemtap systemtap 0.6.2
systemtap systemtap 0.7
systemtap systemtap 1.2
systemtap systemtap 0.2.2
systemtap systemtap 0.5.10
systemtap systemtap 0.5.7
systemtap systemtap 0.6
systemtap systemtap 0.5.9
systemtap systemtap 0.9.7
systemtap systemtap 0.5.3
systemtap systemtap 1.0
systemtap systemtap 0.5.12
systemtap systemtap 0.9.8
systemtap systemtap 0.5.5
systemtap systemtap 0.8
systemtap systemtap 0.3
systemtap systemtap 1.4
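
One way to confine a caller-supplied module path to a trusted directory, as an added C example rather than the project's fix for CVE-2011-2502: the path is lexically normalised (so "..", "." and repeated slashes cannot escape), then checked to lie under the trusted directory with a proper separator test, then required to end in .ko. The trusted directory and the function names are assumptions. Lexical normalisation does not see symlinks; production code canonicalises with realpath(3) and then verifies the file it actually opened (fstat(2) on the descriptor), never the name alone.

```c
#include <stddef.h>
#include <string.h>

/* Lexically normalise an absolute path: collapse "//" and "/./", resolve
 * "..", never climb above "/". Returns 0 on success, -1 if 'path' is not
 * absolute or 'out' is too small. Symlinks are not resolved here. */
int normalize_abs_path(const char *path, char *out, size_t outsz) {
    if (path == NULL || path[0] != '/' || outsz < 2) return -1;
    size_t len = 0;
    out[len++] = '/';
    const char *p = path;
    while (*p) {
        while (*p == '/') p++;                 /* skip separators */
        if (!*p) break;
        const char *seg = p;
        while (*p && *p != '/') p++;
        size_t sl = (size_t)(p - seg);
        if (sl == 1 && seg[0] == '.') continue;
        if (sl == 2 && seg[0] == '.' && seg[1] == '.') {
            if (len > 1) {                     /* pop the last component; never above "/" */
                len--;
                while (len > 0 && out[len - 1] != '/') len--;
                if (len > 1) len--;            /* drop the separator too, unless at root */
            }
            continue;
        }
        if (len > 1) {
            if (len + 1 >= outsz) return -1;
            out[len++] = '/';
        }
        if (len + sl >= outsz) return -1;
        memcpy(out + len, seg, sl);
        len += sl;
    }
    out[len] = '\0';
    return 0;
}

/* True if 'canon' is 'dir' itself or lies beneath it (both normalised).
 * A bare prefix compare would accept "/lib/modules/x/systemtap-evil/..."
 * for trusted ".../systemtap", hence the separator check. */
int path_within(const char *canon, const char *dir) {
    size_t d = strlen(dir);
    while (d > 1 && dir[d - 1] == '/') d--;
    if (strncmp(canon, dir, d) != 0) return 0;
    return d == 1 || canon[d] == '\0' || canon[d] == '/';
}

/* May a module at 'user_path' be loaded by an unprivileged caller? Only a
 * .ko file under 'trusted_dir' qualifies. Returns 1 to allow, 0 to refuse. */
int module_path_allowed(const char *user_path, const char *trusted_dir) {
    char canon[512];
    if (normalize_abs_path(user_path, canon, sizeof canon) != 0) return 0;
    if (!path_within(canon, trusted_dir)) return 0;
    size_t n = strlen(canon);
    return n > 3 && strcmp(canon + n - 3, ".ko") == 0;
}
```

A relative path is refused outright rather than resolved against the current directory, since the caller controls that directory.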
CVE-2011-2503 LOW

The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20

Products Affected

Vendor Product Version
systemtap systemtap 1.3
systemtap systemtap 0.5.8
systemtap systemtap 0.9.9
systemtap systemtap 0.9.5
systemtap systemtap 0.5.14
systemtap systemtap *
systemtap systemtap 0.4
systemtap systemtap 0.7.2
systemtap systemtap 1.1
systemtap systemtap 0.5
systemtap systemtap 0.9
systemtap systemtap 0.5.13
systemtap systemtap 0.5.4
systemtap systemtap 0.6.2
systemtap systemtap 0.7
systemtap systemtap 1.2
systemtap systemtap 0.2.2
systemtap systemtap 0.5.10
systemtap systemtap 0.5.7
systemtap systemtap 0.6
systemtap systemtap 0.5.9
systemtap systemtap 0.9.7
systemtap systemtap 0.5.3
systemtap systemtap 1.0
systemtap systemtap 0.5.12
systemtap systemtap 0.9.8
systemtap systemtap 0.5.5
systemtap systemtap 0.8
systemtap systemtap 0.3
systemtap systemtap 1.4
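
The race described above is the time-of-check/time-of-use pattern: validating a file by path, then opening the path again to load it. The following added C example (not staprun's code) contrasts the two sequences using a stand-in for init_module(2) and a placeholder FNV-1a integrity check in place of signature verification; the structure, not the check, is the point. load_vulnerable() re-reads the file after checking it, so a swap in the window loads unverified bytes; load_fixed() reads once, verifies that buffer, and hands the same buffer to the loader. arm_swap() and swap_during_window() model the attacker's write and are assumptions for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Placeholder integrity check (FNV-1a) standing in for the signature
 * verification a real loader performs. The TOCTOU structure is identical. */
uint64_t image_hash(const unsigned char *p, size_t n) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 1099511628211ULL; }
    return h;
}

/* Read a whole regular file into a malloc'd buffer; NULL on error. */
static unsigned char *slurp(const char *path, size_t *len) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return NULL;
    struct stat st;
    if (fstat(fd, &st) < 0 || st.st_size < 0) { close(fd); return NULL; }
    size_t n = (size_t)st.st_size, got = 0;
    unsigned char *buf = malloc(n ? n : 1);
    while (buf != NULL && got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r <= 0) { free(buf); buf = NULL; break; }
        got += (size_t)r;
    }
    close(fd);
    if (buf != NULL) *len = n;
    return buf;
}

/* Stand-in for init_module(2): remembers which bytes reached "the kernel". */
static uint64_t g_loaded;
static int fake_init_module(const unsigned char *img, size_t n) {
    g_loaded = image_hash(img, n);
    return 0;
}
uint64_t last_loaded_hash(void) { return g_loaded; }

/* Overwrite 'path' with 'data'; used to model the attacker's swap. */
int write_file(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    size_t n = strlen(data);
    int ok = write(fd, data, n) == (ssize_t)n;
    close(fd);
    return ok ? 0 : -1;
}
static const char *g_swap_path, *g_swap_data;
void arm_swap(const char *path, const char *data) { g_swap_path = path; g_swap_data = data; }
void swap_during_window(void) { if (g_swap_path) write_file(g_swap_path, g_swap_data); }

/* Vulnerable: check the file named by 'path', then open the path again to
 * load. 'between' is whatever happens in the window. Returns 0 on load. */
int load_vulnerable(const char *path, uint64_t expected, void (*between)(void)) {
    size_t n;
    unsigned char *img = slurp(path, &n);
    if (img == NULL) return -1;
    int ok = image_hash(img, n) == expected;      /* verifies read #1 */
    free(img);
    if (!ok) return -1;
    if (between) between();
    img = slurp(path, &n);                         /* loads read #2 */
    if (img == NULL) return -1;
    int rc = fake_init_module(img, n);
    free(img);
    return rc;
}

/* Fixed: read once, verify that buffer, load that buffer. The path is not
 * consulted again, so a swap in the window changes nothing. */
int load_fixed(const char *path, uint64_t expected, void (*between)(void)) {
    size_t n;
    unsigned char *img = slurp(path, &n);
    if (img == NULL) return -1;
    if (image_hash(img, n) != expected) { free(img); return -1; }
    if (between) between();
    int rc = fake_init_module(img, n);
    free(img);
    return rc;
}
```

The real init_module(2) takes a memory image, so the fixed shape costs nothing: the bytes that were verified are the bytes the kernel receives, and no second lookup by name exists for an attacker to race.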
CVE-2012-0875 MEDIUM

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
systemtap systemtap 1.6.7
systemtap systemtap 1.7
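
The three unprivileged-mode DWARF issues on this page (CVE-2011-1769 and CVE-2011-1781, divide-by-zero during context-variable access and stack unwinding; CVE-2012-0875, a read through an invalid pointer) share a root cause: DWARF data from a user-supplied ELF file ends up driving kernel-side code without validation. The following is an added C example of a defensive evaluator for a small subset of DWARF expression operators, not SystemTap's own runtime: every operand fetch is bounds-checked against the expression length (the analogue of refusing an out-of-range pointer), stack depth is checked, and the divisor is checked before DW_OP_div and DW_OP_mod. The opcode values are DWARF's; the subset, the error codes and the stack limit are assumptions for the example. INT64_MIN / -1 is refused along with zero, since that division also traps on x86.

```c
#include <stddef.h>
#include <stdint.h>

/* DWARF expression opcodes (values from the DWARF standard); a small subset. */
enum {
    DW_OP_const1u = 0x08, DW_OP_const1s = 0x09, DW_OP_dup = 0x12, DW_OP_drop = 0x13,
    DW_OP_div = 0x1b, DW_OP_minus = 0x1c, DW_OP_mod = 0x1d, DW_OP_mul = 0x1e,
    DW_OP_plus = 0x22, DW_OP_lit0 = 0x30, DW_OP_lit31 = 0x4f
};

/* Outcomes. The names and the stack limit are this example's choices. */
enum { DW_OK = 0, DW_ERR_TRUNCATED, DW_ERR_UNDERFLOW, DW_ERR_OVERFLOW,
       DW_ERR_DIVZERO, DW_ERR_BADOP };
#define DW_STACK_MAX 32

/* Evaluate 'expr' (length 'len'). On DW_OK, *result holds the top of stack.
 * Every operand fetch is checked against 'len' (a truncated expression is an
 * error, not an out-of-bounds read), every push/pop is checked against the
 * stack bounds, and a divisor is checked before DW_OP_div / DW_OP_mod. */
int dw_eval(const uint8_t *expr, size_t len, int64_t *result) {
    int64_t st[DW_STACK_MAX];
    size_t sp = 0, pc = 0;
    while (pc < len) {
        uint8_t op = expr[pc++];
        if (op >= DW_OP_lit0 && op <= DW_OP_lit31) {          /* push literal 0..31 */
            if (sp >= DW_STACK_MAX) return DW_ERR_OVERFLOW;
            st[sp++] = op - DW_OP_lit0;
            continue;
        }
        switch (op) {
        case DW_OP_const1u:
        case DW_OP_const1s:
            if (pc >= len) return DW_ERR_TRUNCATED;            /* operand byte missing */
            if (sp >= DW_STACK_MAX) return DW_ERR_OVERFLOW;
            st[sp++] = (op == DW_OP_const1u) ? (int64_t)expr[pc]
                                             : (int64_t)(int8_t)expr[pc];
            pc++;
            break;
        case DW_OP_dup:
            if (sp < 1) return DW_ERR_UNDERFLOW;
            if (sp >= DW_STACK_MAX) return DW_ERR_OVERFLOW;
            st[sp] = st[sp - 1];
            sp++;
            break;
        case DW_OP_drop:
            if (sp < 1) return DW_ERR_UNDERFLOW;
            sp--;
            break;
        case DW_OP_plus: case DW_OP_minus: case DW_OP_mul:
        case DW_OP_div: case DW_OP_mod: {
            if (sp < 2) return DW_ERR_UNDERFLOW;
            int64_t b = st[--sp], a = st[sp - 1], r = 0;
            switch (op) {
            case DW_OP_plus:  r = (int64_t)((uint64_t)a + (uint64_t)b); break;  /* wrap, no UB */
            case DW_OP_minus: r = (int64_t)((uint64_t)a - (uint64_t)b); break;
            case DW_OP_mul:   r = (int64_t)((uint64_t)a * (uint64_t)b); break;
            case DW_OP_div:                                   /* signed division per DWARF */
                if (b == 0) return DW_ERR_DIVZERO;
                if (a == INT64_MIN && b == -1) return DW_ERR_DIVZERO; /* overflow; also traps on x86 */
                r = a / b;
                break;
            default:                                          /* DW_OP_mod: unsigned per DWARF */
                if (b == 0) return DW_ERR_DIVZERO;
                r = (int64_t)((uint64_t)a % (uint64_t)b);
                break;
            }
            st[sp - 1] = r;
            break;
        }
        default:
            return DW_ERR_BADOP;
        }
    }
    if (sp == 0) return DW_ERR_UNDERFLOW;                     /* empty result */
    *result = st[sp - 1];
    return DW_OK;
}
```

An unknown opcode is an error rather than a no-op: in the kernel, silently skipping an operator would leave the stack in a state the rest of the expression never intended.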