ID CVE-2011-1781
Summary SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing).
References
Vulnerable Configurations
  • SystemTap 1.4
    cpe:2.3:a:systemtap:systemtap:1.4
CVSS
Base: 1.2 (as of 30-08-2011 - 12:37)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector LOCAL
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0842.NASL
    description Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. Two divide-by-zero flaws were found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use these flaws to crash the system. Additionally, a privileged user (root, or a member of the stapdev group) could trigger these flaws when tricked into instrumenting a specially crafted ELF binary, even when unprivileged mode was not enabled. (CVE-2011-1769, CVE-2011-1781) SystemTap users should upgrade to these updated packages, which contain a backported patch to correct these issues.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 54930
    published 2011-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54930
    title RHEL 6 : systemtap (RHSA-2011:0842)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-155.NASL
    description Multiple vulnerabilities have been discovered and corrected in systemtap : SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access (CVE-2011-1769). SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing) (CVE-2011-1781). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 61932
    published 2012-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61932
    title Mandriva Linux Security Advisory : systemtap (MDVSA-2011:155)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-0841.NASL
    description Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A divide-by-zero flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system. Additionally, a privileged user (root, or a member of the stapdev group) could trigger this flaw when tricked into instrumenting a specially crafted ELF binary, even when unprivileged mode was not enabled. (CVE-2011-1769) SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 67083
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67083
    title CentOS 5 : systemtap (CESA-2011:0841)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0841.NASL
    description From Red Hat Security Advisory 2011:0841 : Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A divide-by-zero flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system. Additionally, a privileged user (root, or a member of the stapdev group) could trigger this flaw when tricked into instrumenting a specially crafted ELF binary, even when unprivileged mode was not enabled. (CVE-2011-1769) SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2016-05-06
    plugin id 68281
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68281
    title Oracle Linux 5 : systemtap (ELSA-2011-0841)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-7302.NASL
    description Two divide-by-zero flaws were found in the way systemtap interpreted certain corrupted DWARF expressions. A privileged user able to execute arbitrary systemtap scripts could be tricked into triggering this flaw to crash the target machine. An unprivileged user (in the stapusr group) may be able to trigger this flaw to crash the target machine, only if unprivileged mode was enabled by the system administrator. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 54836
    published 2011-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54836
    title Fedora 14 : systemtap-1.4-6.fc14 (2011-7302)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-7289.NASL
    description Two divide-by-zero flaws were found in the way systemtap interpreted certain corrupted DWARF expressions. A privileged user able to execute arbitrary systemtap scripts could be tricked into triggering this flaw to crash the target machine. An unprivileged user (in the stapusr group) may be able to trigger this flaw to crash the target machine, only if unprivileged mode was enabled by the system administrator. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 54835
    published 2011-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54835
    title Fedora 13 : systemtap-1.4-6.fc13 (2011-7289)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-7314.NASL
    description Two divide-by-zero flaws were found in the way systemtap interpreted certain corrupted DWARF expressions. A privileged user able to execute arbitrary systemtap scripts could be tricked into triggering this flaw to crash the target machine. An unprivileged user (in the stapusr group) may be able to trigger this flaw to crash the target machine, only if unprivileged mode was enabled by the system administrator. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 54837
    published 2011-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54837
    title Fedora 15 : systemtap-1.4-9.fc15 (2011-7314)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0841.NASL
    description Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A divide-by-zero flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system. Additionally, a privileged user (root, or a member of the stapdev group) could trigger this flaw when tricked into instrumenting a specially crafted ELF binary, even when unprivileged mode was not enabled. (CVE-2011-1769) SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 54929
    published 2011-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54929
    title RHEL 5 : systemtap (RHSA-2011:0841)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0842.NASL
    description From Red Hat Security Advisory 2011:0842 : Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. Two divide-by-zero flaws were found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use these flaws to crash the system. Additionally, a privileged user (root, or a member of the stapdev group) could trigger these flaws when tricked into instrumenting a specially crafted ELF binary, even when unprivileged mode was not enabled. (CVE-2011-1769, CVE-2011-1781) SystemTap users should upgrade to these updated packages, which contain a backported patch to correct these issues.
    last seen 2019-02-21
    modified 2016-05-06
    plugin id 68282
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68282
    title Oracle Linux 6 : systemtap (ELSA-2011-0842)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110531_SYSTEMTAP_ON_SL6_X.NASL
    description SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. Two divide-by-zero flaws were found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use these flaws to crash the system. Additionally, a privileged user (root, or a member of the stapdev group) could trigger these flaws when tricked into instrumenting a specially crafted ELF binary, even when unprivileged mode was not enabled. (CVE-2011-1769, CVE-2011-1781) SystemTap users should upgrade to these updated packages, which contain a backported patch to correct these issues.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61062
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61062
    title Scientific Linux Security Update : systemtap on SL6.x i386/x86_64
redhat via4
advisories
bugzilla
id 703972
title CVE-2011-1781 systemtap: divide by zero stack unwinding flaw
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment systemtap is earlier than 0:1.4-6.el6_1.1
        oval oval:com.redhat.rhsa:tst:20110842005
      • comment systemtap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100894021
    • AND
      • comment systemtap-client is earlier than 0:1.4-6.el6_1.1
        oval oval:com.redhat.rhsa:tst:20110842015
      • comment systemtap-client is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100894023
    • AND
      • comment systemtap-grapher is earlier than 0:1.4-6.el6_1.1
        oval oval:com.redhat.rhsa:tst:20110842009
      • comment systemtap-grapher is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100894031
    • AND
      • comment systemtap-initscript is earlier than 0:1.4-6.el6_1.1
        oval oval:com.redhat.rhsa:tst:20110842013
      • comment systemtap-initscript is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100894027
    • AND
      • comment systemtap-runtime is earlier than 0:1.4-6.el6_1.1
        oval oval:com.redhat.rhsa:tst:20110842019
      • comment systemtap-runtime is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100894035
    • AND
      • comment systemtap-sdt-devel is earlier than 0:1.4-6.el6_1.1
        oval oval:com.redhat.rhsa:tst:20110842007
      • comment systemtap-sdt-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100894025
    • AND
      • comment systemtap-server is earlier than 0:1.4-6.el6_1.1
        oval oval:com.redhat.rhsa:tst:20110842011
      • comment systemtap-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100894033
    • AND
      • comment systemtap-testsuite is earlier than 0:1.4-6.el6_1.1
        oval oval:com.redhat.rhsa:tst:20110842017
      • comment systemtap-testsuite is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100894029
rhsa
id RHSA-2011:0842
released 2011-05-31
severity Moderate
title RHSA-2011:0842: systemtap security update (Moderate)
rpms
  • systemtap-0:1.4-6.el6_1.1
  • systemtap-client-0:1.4-6.el6_1.1
  • systemtap-grapher-0:1.4-6.el6_1.1
  • systemtap-initscript-0:1.4-6.el6_1.1
  • systemtap-runtime-0:1.4-6.el6_1.1
  • systemtap-sdt-devel-0:1.4-6.el6_1.1
  • systemtap-server-0:1.4-6.el6_1.1
  • systemtap-testsuite-0:1.4-6.el6_1.1
refmap via4
bid 47934
confirm
mandriva MDVSA-2011:155
mlist [oss-security] 20110520 systemtap divide-by-zero issues (CVE-2011-1769, CVE-2011-1781)
secunia 44802
Last major update 26-10-2011 - 23:25
Published 29-08-2011 - 17:55