CVE-2009-4273
Vulnerability from cvelistv5
Published
2010-01-26 18:00
Modified
2024-08-07 06:54
Severity ?
EPSS score ?
Summary
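stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request. The NVD data embedded in the record below scores this CVSS v2 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C, no authentication required), classifies it as CWE-94, and marks SystemTap versions up to and including 1.0 as vulnerable. The references also list a later Fedora packaging commit that adds systemtap-1.1-tighten-server-params.patch, so confirm the fixed package version against your distribution's advisory rather than the upstream version number alone.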
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2010-1373", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html" }, { "name": "oval:org.mitre.oval:def:11417", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417" }, { "name": "38154", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38154" }, { "name": "FEDORA-2010-0671", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html" }, { "name": "FEDORA-2010-0688", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz" }, { "name": "39656", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39656" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=550172" }, { "name": "38216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38216" }, { "name": "[scm-commits] 20100215 rpms/systemtap/devel systemtap-1.1-tighten-server-params.patch, NONE, 1.1 systemtap.spec, 1.59, 1.60", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html" }, { "name": "ADV-2010-0169", "tags": [ 
"vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0169" }, { "name": "SUSE-SR:2010:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html" }, { "name": "[systemtap] 20100115 SystemTap release 1.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceware.org/ml/systemtap/2010-q1/msg00142.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11105" }, { "name": "RHSA-2010:0124", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0124.html" }, { "name": "38765", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38765" }, { "name": "FEDORA-2010-1720", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html" }, { "name": "ADV-2010-1001", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-15T00:00:00", "descriptions": [ { "lang": "en", "value": "stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2010-1373", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html" }, { "name": "oval:org.mitre.oval:def:11417", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417" }, { "name": "38154", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38154" }, { "name": "FEDORA-2010-0671", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html" }, { "name": "FEDORA-2010-0688", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz" }, { "name": "39656", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39656" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=550172" }, { "name": "38216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38216" }, { "name": "[scm-commits] 20100215 rpms/systemtap/devel systemtap-1.1-tighten-server-params.patch, NONE, 1.1 systemtap.spec, 1.59, 1.60", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html" }, { "name": "ADV-2010-0169", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0169" 
}, { "name": "SUSE-SR:2010:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html" }, { "name": "[systemtap] 20100115 SystemTap release 1.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceware.org/ml/systemtap/2010-q1/msg00142.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11105" }, { "name": "RHSA-2010:0124", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0124.html" }, { "name": "38765", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38765" }, { "name": "FEDORA-2010-1720", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html" }, { "name": "ADV-2010-1001", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1001" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-4273", "datePublished": "2010-01-26T18:00:00", "dateReserved": "2009-12-10T00:00:00", "dateUpdated": "2024-08-07T06:54:10.227Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2009-4273\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-01-26T18:30:00.963\",\"lastModified\":\"2024-11-21T01:09:17.403\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.\"},{\"lang\":\"es\",\"value\":\"stap-server en SystemTap en versiones anteriores a v1.1 permite a atacantes remotos ejecutar comandos a trav\u00e9s de metacaracteres de shell en argumentos de 
linea de comandos en una petici\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0\",\"matchCriteriaId\":\"BBE3731E-B013-4997-BC82-42B482B3B878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04AE85B6-FE8D-4DD1-BECE-6B7146CF9D73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E150AE05-60B4-4ECE-AEFA-3A230DAEBCA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36FBF185-3189-40C2-B51B-2531F2D88602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C62AFF32-856E-4EF9-A87F-C06B6FEEE31F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57C746CB-8DFE-4795-931F-42050D7FBEB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"986B653D-5CF2-454C-A38F-172D2256E20C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.5:*
:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF5E8C63-D68F-4ACA-B0DC-1D9EF6A3BFA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD56E555-180D-45C3-9311-EFB32F480035\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74215553-AB86-4184-B3AB-D82B20275ED6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5044754F-66CD-4D17-8874-7303D9F2DCE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC674046-FC4F-4262-8F71-4DEECAEC1A1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A621722-6DD4-461D-AD74-461B9C10C772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B5B77E9-F98C-4310-8D6A-E41A27CD559A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6E9824F-8977-4CE6-BA05-E8899E41066E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF58A998-52F0-4BCA-9FF7-FCCC28E6FCE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2327CA9-5A80-4C86-BAF6-A9E3BB7085C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6627D143-6E8D-40DE-BBD0-308FF1B200D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1AE49CA-424E-4328-A348-98F2C847D8FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19E88BF9-1403-40F9-A64E-A1FEFEFC4E2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E12D5C4-4BC6-480
2-B5CE-5D5A41FB3B71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FD4201A-64B5-4DCC-9696-BD0F8780D200\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3FEDD7F-969D-422C-A899-9550EC52EBD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F37EBCB6-8056-466C-B2AB-385DF48EEA8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.9.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D795EA7-04FC-4D0E-9944-6C9D4882A897\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/38154\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38216\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://secunia.com/advisories/38765\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/39656\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sourceware.org/bugzilla/show_bug.cgi?id=11105\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sourceware.org/ml/systemtap/2010-q1/msg00142.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0124.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0169\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1001\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=550172\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da26
61108\"},{\"url\":\"http://secunia.com/advisories/38154\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38765\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39656\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceware.org/bugzilla/show_bug.cgi?id=11105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceware.org/ml/systemtap/2010-q1/msg00142.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0124.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=550172\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.