stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| systemtap | systemtap | 0.5.8 |
| systemtap | systemtap | 0.9.9 |
| systemtap | systemtap | 0.9.5 |
| systemtap | systemtap | 0.5.14 |
| systemtap | systemtap | * |
| systemtap | systemtap | 0.4 |
| systemtap | systemtap | 0.7.2 |
| systemtap | systemtap | 0.5 |
| systemtap | systemtap | 0.9 |
| systemtap | systemtap | 0.5.13 |
| systemtap | systemtap | 0.5.4 |
| systemtap | systemtap | 0.6.2 |
| systemtap | systemtap | 0.7 |
| systemtap | systemtap | 0.2.2 |
| systemtap | systemtap | 0.5.10 |
| systemtap | systemtap | 0.5.7 |
| systemtap | systemtap | 0.6 |
| systemtap | systemtap | 0.5.9 |
| systemtap | systemtap | 0.9.7 |
| systemtap | systemtap | 0.5.3 |
| systemtap | systemtap | 0.5.12 |
| systemtap | systemtap | 0.9.8 |
| systemtap | systemtap | 0.5.5 |
| systemtap | systemtap | 0.8 |
| systemtap | systemtap | 0.3 |
Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| systemtap | systemtap | 1.1 |
stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| systemtap | systemtap | 1.1 |
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| systemtap | systemtap | 1.3 |
The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| systemtap | systemtap | 1.3 |
SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access.
CVSS 2.0
Severity: LOW
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| systemtap | systemtap | 1.3 |
| systemtap | systemtap | 0.5.8 |
| systemtap | systemtap | 0.9.9 |
| systemtap | systemtap | 0.9.5 |
| systemtap | systemtap | 0.5.14 |
| systemtap | systemtap | * |
| systemtap | systemtap | 0.4 |
| systemtap | systemtap | 0.7.2 |
| systemtap | systemtap | 1.1 |
| systemtap | systemtap | 0.5 |
| systemtap | systemtap | 0.9 |
| systemtap | systemtap | 0.5.13 |
| systemtap | systemtap | 0.5.4 |
| systemtap | systemtap | 0.6.2 |
| systemtap | systemtap | 0.7 |
| systemtap | systemtap | 1.2 |
| systemtap | systemtap | 0.2.2 |
| systemtap | systemtap | 0.5.10 |
| systemtap | systemtap | 0.5.7 |
| systemtap | systemtap | 0.6 |
| systemtap | systemtap | 0.5.9 |
| systemtap | systemtap | 0.9.7 |
| systemtap | systemtap | 0.5.3 |
| systemtap | systemtap | 1.0 |
| systemtap | systemtap | 0.5.12 |
| systemtap | systemtap | 0.9.8 |
| systemtap | systemtap | 0.5.5 |
| systemtap | systemtap | 0.8 |
| systemtap | systemtap | 0.3 |
SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing).
CVSS 2.0
Severity: LOW
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| systemtap | systemtap | 1.4 |
runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| systemtap | systemtap | 1.3 |
| systemtap | systemtap | 0.5.8 |
| systemtap | systemtap | 0.9.9 |
| systemtap | systemtap | 0.9.5 |
| systemtap | systemtap | 0.5.14 |
| systemtap | systemtap | * |
| systemtap | systemtap | 0.4 |
| systemtap | systemtap | 0.7.2 |
| systemtap | systemtap | 1.1 |
| systemtap | systemtap | 0.5 |
| systemtap | systemtap | 0.9 |
| systemtap | systemtap | 0.5.13 |
| systemtap | systemtap | 0.5.4 |
| systemtap | systemtap | 0.6.2 |
| systemtap | systemtap | 0.7 |
| systemtap | systemtap | 1.2 |
| systemtap | systemtap | 0.2.2 |
| systemtap | systemtap | 0.5.10 |
| systemtap | systemtap | 0.5.7 |
| systemtap | systemtap | 0.6 |
| systemtap | systemtap | 0.5.9 |
| systemtap | systemtap | 0.9.7 |
| systemtap | systemtap | 0.5.3 |
| systemtap | systemtap | 1.0 |
| systemtap | systemtap | 0.5.12 |
| systemtap | systemtap | 0.9.8 |
| systemtap | systemtap | 0.5.5 |
| systemtap | systemtap | 0.8 |
| systemtap | systemtap | 0.3 |
| systemtap | systemtap | 1.4 |
The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| systemtap | systemtap | 1.3 |
| systemtap | systemtap | 0.5.8 |
| systemtap | systemtap | 0.9.9 |
| systemtap | systemtap | 0.9.5 |
| systemtap | systemtap | 0.5.14 |
| systemtap | systemtap | * |
| systemtap | systemtap | 0.4 |
| systemtap | systemtap | 0.7.2 |
| systemtap | systemtap | 1.1 |
| systemtap | systemtap | 0.5 |
| systemtap | systemtap | 0.9 |
| systemtap | systemtap | 0.5.13 |
| systemtap | systemtap | 0.5.4 |
| systemtap | systemtap | 0.6.2 |
| systemtap | systemtap | 0.7 |
| systemtap | systemtap | 1.2 |
| systemtap | systemtap | 0.2.2 |
| systemtap | systemtap | 0.5.10 |
| systemtap | systemtap | 0.5.7 |
| systemtap | systemtap | 0.6 |
| systemtap | systemtap | 0.5.9 |
| systemtap | systemtap | 0.9.7 |
| systemtap | systemtap | 0.5.3 |
| systemtap | systemtap | 1.0 |
| systemtap | systemtap | 0.5.12 |
| systemtap | systemtap | 0.9.8 |
| systemtap | systemtap | 0.5.5 |
| systemtap | systemtap | 0.8 |
| systemtap | systemtap | 0.3 |
| systemtap | systemtap | 1.4 |
SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| systemtap | systemtap | 1.6.7 |
| systemtap | systemtap | 1.7 |