ID CVE-2010-0411
Summary Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
References
Vulnerable Configurations
  • SystemTap 1.1
    cpe:2.3:a:systemtap:systemtap:1.1
CVSS
Base: 4.9 (as of 09-02-2010 - 08:57)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector LOCAL
Complexity LOW
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability COMPLETE
exploit-db via4
description SystemTap 1.0/1.1 '__get_argv()' and '__get_compat_argv()' Local Memory Corruption Vulnerabilities. CVE-2010-0411. Local exploit for Linux platform
id EDB-ID:33604
last seen 2016-02-03
modified 2010-02-05
published 2010-02-05
reporter Josh Stone
source https://www.exploit-db.com/download/33604/
title SystemTap 1.0/1.1 - '__get_argv' and '__get_compat_argv' Local Memory Corruption Vulnerabilities
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0124.NASL
    description From Red Hat Security Advisory 2010:0124 : Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A flaw was found in the SystemTap compile server, stap-server, an optional component of SystemTap. This server did not adequately sanitize input provided by the stap-client program, which may allow a remote user to execute arbitrary shell code with the privileges of the compile server process, which could possibly be running as the root user. (CVE-2009-4273) Note: stap-server is not run by default. It must be started by a user or administrator. A buffer overflow flaw was found in SystemTap's tapset __get_argv() function. If a privileged user ran a SystemTap script that called this function, a local, unprivileged user could, while that script is still running, trigger this flaw and cause memory corruption by running a command with a large argument list, which may lead to a system crash or, potentially, arbitrary code execution with root privileges. (CVE-2010-0411) Note: SystemTap scripts that call __get_argv(), being a privileged function, can only be executed by the root user or users in the stapdev group. As well, if such a script was compiled and installed by root, users in the stapusr group would also be able to execute it. SystemTap users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 68003
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68003
    title Oracle Linux 5 : systemtap (ELSA-2010-0124)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0124.NASL
    description Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A flaw was found in the SystemTap compile server, stap-server, an optional component of SystemTap. This server did not adequately sanitize input provided by the stap-client program, which may allow a remote user to execute arbitrary shell code with the privileges of the compile server process, which could possibly be running as the root user. (CVE-2009-4273) Note: stap-server is not run by default. It must be started by a user or administrator. A buffer overflow flaw was found in SystemTap's tapset __get_argv() function. If a privileged user ran a SystemTap script that called this function, a local, unprivileged user could, while that script is still running, trigger this flaw and cause memory corruption by running a command with a large argument list, which may lead to a system crash or, potentially, arbitrary code execution with root privileges. (CVE-2010-0411) Note: SystemTap scripts that call __get_argv(), being a privileged function, can only be executed by the root user or users in the stapdev group. As well, if such a script was compiled and installed by root, users in the stapusr group would also be able to execute it. SystemTap users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44968
    published 2010-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44968
    title CentOS 5 : systemtap (CESA-2010:0124)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100301_SYSTEMTAP_ON_SL5_X.NASL
    description CVE-2009-4273 systemtap: remote code execution via stap-server CVE-2010-0411 systemtap: Crash with systemtap script using __get_argv() A flaw was found in the SystemTap compile server, stap-server, an optional component of SystemTap. This server did not adequately sanitize input provided by the stap-client program, which may allow a remote user to execute arbitrary shell code with the privileges of the compile server process, which could possibly be running as the root user. (CVE-2009-4273) Note: stap-server is not run by default. It must be started by a user or administrator. A buffer overflow flaw was found in SystemTap's tapset __get_argv() function. If a privileged user ran a SystemTap script that called this function, a local, unprivileged user could, while that script is still running, trigger this flaw and cause memory corruption by running a command with a large argument list, which may lead to a system crash or, potentially, arbitrary code execution with root privileges. (CVE-2010-0411) Note: SystemTap scripts that call __get_argv(), being a privileged function, can only be executed by the root user or users in the stapdev group. As well, if such a script was compiled and installed by root, users in the stapusr group would also be able to execute it.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60742
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60742
    title Scientific Linux Security Update : systemtap on SL5.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0125.NASL
    description From Red Hat Security Advisory 2010:0125 : Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A buffer overflow flaw was found in SystemTap's tapset __get_argv() function. If a privileged user ran a SystemTap script that called this function, a local, unprivileged user could, while that script is still running, trigger this flaw and cause memory corruption by running a command with a large argument list, which may lead to a system crash or, potentially, arbitrary code execution with root privileges. (CVE-2010-0411) Note: SystemTap scripts that call __get_argv(), being a privileged function, can only be executed by the root user or users in the stapdev group. As well, if such a script was compiled and installed by root, users in the stapusr group would also be able to execute it. SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68004
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68004
    title Oracle Linux 4 : systemtap (ELSA-2010-0125)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_SYSTEMTAP-100623.NASL
    description This update of systemtap fixes a shell meta character injection vulnerability that allows remote users to execute arbitrary commands with the privileges of the stap-server. (CVE-2009-4273) Additionally, a remote denial of service bug in the __get_argv() function has been fixed. (CVE-2010-0411)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 50961
    published 2010-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50961
    title SuSE 11 Security Update : systemtap (SAT Patch Number 2579)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100301_SYSTEMTAP_ON_SL4_X.NASL
    description CVE-2010-0411 systemtap: Crash with systemtap script using __get_argv() A buffer overflow flaw was found in SystemTap's tapset __get_argv() function. If a privileged user ran a SystemTap script that called this function, a local, unprivileged user could, while that script is still running, trigger this flaw and cause memory corruption by running a command with a large argument list, which may lead to a system crash or, potentially, arbitrary code execution with root privileges. (CVE-2010-0411) Note: SystemTap scripts that call __get_argv(), being a privileged function, can only be executed by the root user or users in the stapdev group. As well, if such a script was compiled and installed by root, users in the stapusr group would also be able to execute it.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60741
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60741
    title Scientific Linux Security Update : systemtap on SL4.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0124.NASL
    description Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A flaw was found in the SystemTap compile server, stap-server, an optional component of SystemTap. This server did not adequately sanitize input provided by the stap-client program, which may allow a remote user to execute arbitrary shell code with the privileges of the compile server process, which could possibly be running as the root user. (CVE-2009-4273) Note: stap-server is not run by default. It must be started by a user or administrator. A buffer overflow flaw was found in SystemTap's tapset __get_argv() function. If a privileged user ran a SystemTap script that called this function, a local, unprivileged user could, while that script is still running, trigger this flaw and cause memory corruption by running a command with a large argument list, which may lead to a system crash or, potentially, arbitrary code execution with root privileges. (CVE-2010-0411) Note: SystemTap scripts that call __get_argv(), being a privileged function, can only be executed by the root user or users in the stapdev group. As well, if such a script was compiled and installed by root, users in the stapusr group would also be able to execute it. SystemTap users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44956
    published 2010-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44956
    title RHEL 5 : systemtap (RHSA-2010:0124)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_SYSTEMTAP-100301.NASL
    description This updates systemtap to version 1.0. The version update was required to fix two issues: a shell metacharacter injection vulnerability that allowed remote users to execute arbitrary commands with the privileges of the stap-server (CVE-2009-4273: CVSS v2 Base Score: 7.9 (important) (AV:A/AC:M/Au:N/C:C/I:C/A:C)) and a remote denial of service bug in the __get_argv() function (CVE-2010-0411: CVSS v2 Base Score: 4.9 (MEDIUM) (AV:L/AC:L/Au:N/C:N/I:N/A:C)). Version 1.0 is also subject to advisory CVE-2009-2911 fixing three denial of service issues when using unprivileged mode.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46012
    published 2010-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46012
    title openSUSE Security Update : systemtap (openSUSE-SU-2010:0166-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0125.NASL
    description Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A buffer overflow flaw was found in SystemTap's tapset __get_argv() function. If a privileged user ran a SystemTap script that called this function, a local, unprivileged user could, while that script is still running, trigger this flaw and cause memory corruption by running a command with a large argument list, which may lead to a system crash or, potentially, arbitrary code execution with root privileges. (CVE-2010-0411) Note: SystemTap scripts that call __get_argv(), being a privileged function, can only be executed by the root user or users in the stapdev group. As well, if such a script was compiled and installed by root, users in the stapusr group would also be able to execute it. SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44962
    published 2010-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44962
    title CentOS 4 : systemtap (CESA-2010:0125)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0125.NASL
    description Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A buffer overflow flaw was found in SystemTap's tapset __get_argv() function. If a privileged user ran a SystemTap script that called this function, a local, unprivileged user could, while that script is still running, trigger this flaw and cause memory corruption by running a command with a large argument list, which may lead to a system crash or, potentially, arbitrary code execution with root privileges. (CVE-2010-0411) Note: SystemTap scripts that call __get_argv(), being a privileged function, can only be executed by the root user or users in the stapdev group. As well, if such a script was compiled and installed by root, users in the stapusr group would also be able to execute it. SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44957
    published 2010-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44957
    title RHEL 4 : systemtap (RHSA-2010:0125)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1720.NASL
    description - Add systemtap-1.1-cfi-cfa_ops-fixes.patch - Resolves RHBZ #564429 - Add systemtap-1.1-get_argv.patch - Resolves CVE-2010-0411 - Add systemtap-1.1-tighten-server-params.patch (excluding testsuite) - Resolves CVE-2010-0412, CVE-2009-4273 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47266
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47266
    title Fedora 12 : systemtap-1.1-2.fc12 (2010-1720)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1373.NASL
    description - Add systemtap-1.1-cfi-cfa_ops-fixes.patch - Resolves RHBZ #564429 - Add systemtap-1.1-get_argv.patch - Resolves CVE-2010-0411 - Add systemtap-1.1-tighten-server-params.patch (excluding testsuite) - Resolves CVE-2010-0412, CVE-2009-4273 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47250
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47250
    title Fedora 11 : systemtap-1.1-2.fc11 (2010-1373)
oval via4
accepted 2013-04-29T04:21:15.130-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
family unix
id oval:org.mitre.oval:def:9675
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
version 24
redhat via4
advisories
  • bugzilla
    id 559719
    title CVE-2010-0411 systemtap: Crash with systemtap script using __get_argv()
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment systemtap is earlier than 0:0.9.7-5.el5_4.3
          oval oval:com.redhat.rhsa:tst:20100124002
        • comment systemtap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090373010
      • AND
        • comment systemtap-client is earlier than 0:0.9.7-5.el5_4.3
          oval oval:com.redhat.rhsa:tst:20100124008
        • comment systemtap-client is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090373012
      • AND
        • comment systemtap-initscript is earlier than 0:0.9.7-5.el5_4.3
          oval oval:com.redhat.rhsa:tst:20100124010
        • comment systemtap-initscript is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100124011
      • AND
        • comment systemtap-runtime is earlier than 0:0.9.7-5.el5_4.3
          oval oval:com.redhat.rhsa:tst:20100124006
        • comment systemtap-runtime is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090373014
      • AND
        • comment systemtap-sdt-devel is earlier than 0:0.9.7-5.el5_4.3
          oval oval:com.redhat.rhsa:tst:20100124014
        • comment systemtap-sdt-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100124015
      • AND
        • comment systemtap-server is earlier than 0:0.9.7-5.el5_4.3
          oval oval:com.redhat.rhsa:tst:20100124012
        • comment systemtap-server is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090373018
      • AND
        • comment systemtap-testsuite is earlier than 0:0.9.7-5.el5_4.3
          oval oval:com.redhat.rhsa:tst:20100124004
        • comment systemtap-testsuite is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090373016
    rhsa
    id RHSA-2010:0124
    released 2010-03-01
    severity Important
    title RHSA-2010:0124: systemtap security update (Important)
  • bugzilla
    id 559719
    title CVE-2010-0411 systemtap: Crash with systemtap script using __get_argv()
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment systemtap is earlier than 0:0.6.2-2.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100125002
        • comment systemtap is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20090373003
      • AND
        • comment systemtap-runtime is earlier than 0:0.6.2-2.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100125006
        • comment systemtap-runtime is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20090373005
      • AND
        • comment systemtap-testsuite is earlier than 0:0.6.2-2.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100125004
        • comment systemtap-testsuite is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20090373007
    rhsa
    id RHSA-2010:0125
    released 2010-03-01
    severity Moderate
    title RHSA-2010:0125: systemtap security update (Moderate)
rpms
  • systemtap-0:0.9.7-5.el5_4.3
  • systemtap-client-0:0.9.7-5.el5_4.3
  • systemtap-initscript-0:0.9.7-5.el5_4.3
  • systemtap-runtime-0:0.9.7-5.el5_4.3
  • systemtap-sdt-devel-0:0.9.7-5.el5_4.3
  • systemtap-server-0:0.9.7-5.el5_4.3
  • systemtap-testsuite-0:0.9.7-5.el5_4.3
  • systemtap-0:0.6.2-2.el4_8.1
  • systemtap-runtime-0:0.6.2-2.el4_8.1
  • systemtap-testsuite-0:0.6.2-2.el4_8.1
refmap via4
bid 38120
confirm
fedora
  • FEDORA-2010-1373
  • FEDORA-2010-1720
mlist [oss-security] 20100204 systemtap DoS issue (CVE-2010-0411)
sectrack 1023664
secunia
  • 38426
  • 38680
  • 38765
  • 38817
  • 39656
suse SUSE-SR:2010:010
vupen ADV-2010-1001
Last major update 21-08-2010 - 01:39
Published 08-02-2010 - 15:30
Last modified 18-09-2017 - 21:30