cve-2009-4273
Vulnerability from cvelistv5
Published
2010-01-26 18:00
Modified
2024-08-07 06:54
Severity ?
EPSS score ?
Summary
stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2010-1373", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html" }, { "name": "oval:org.mitre.oval:def:11417", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417" }, { "name": "38154", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38154" }, { "name": "FEDORA-2010-0671", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html" }, { "name": "FEDORA-2010-0688", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz" }, { "name": "39656", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39656" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=550172" }, { "name": "38216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38216" }, { "name": "[scm-commits] 20100215 rpms/systemtap/devel systemtap-1.1-tighten-server-params.patch, NONE, 1.1 systemtap.spec, 1.59, 1.60", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html" }, { "name": "ADV-2010-0169", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0169" }, { "name": "SUSE-SR:2010:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html" }, { "name": "[systemtap] 20100115 SystemTap release 1.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceware.org/ml/systemtap/2010-q1/msg00142.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11105" }, { "name": "RHSA-2010:0124", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0124.html" }, { "name": "38765", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38765" }, { "name": "FEDORA-2010-1720", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html" }, { "name": "ADV-2010-1001", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-15T00:00:00", "descriptions": [ { "lang": "en", "value": "stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2010-1373", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html" }, { "name": "oval:org.mitre.oval:def:11417", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417" }, { "name": "38154", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38154" }, { "name": "FEDORA-2010-0671", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html" }, { "name": "FEDORA-2010-0688", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz" }, { "name": "39656", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39656" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=550172" }, { "name": "38216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38216" }, { "name": "[scm-commits] 20100215 rpms/systemtap/devel systemtap-1.1-tighten-server-params.patch, NONE, 1.1 systemtap.spec, 1.59, 1.60", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html" }, { "name": "ADV-2010-0169", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0169" }, { "name": "SUSE-SR:2010:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html" }, { "name": "[systemtap] 20100115 SystemTap release 1.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceware.org/ml/systemtap/2010-q1/msg00142.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11105" }, { "name": "RHSA-2010:0124", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0124.html" }, { "name": "38765", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38765" }, { "name": "FEDORA-2010-1720", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html" }, { "name": "ADV-2010-1001", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1001" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-4273", "datePublished": "2010-01-26T18:00:00", "dateReserved": "2009-12-10T00:00:00", "dateUpdated": "2024-08-07T06:54:10.227Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2009-4273\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-01-26T18:30:00.963\",\"lastModified\":\"2024-11-21T01:09:17.403\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.\"},{\"lang\":\"es\",\"value\":\"stap-server en SystemTap en versiones anteriores a v1.1 permite a atacantes remotos ejecutar comandos a trav\u00e9s de metacaracteres de shell en argumentos de linea de comandos en una petici\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0\",\"matchCriteriaId\":\"BBE3731E-B013-4997-BC82-42B482B3B878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04AE85B6-FE8D-4DD1-BECE-6B7146CF9D73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E150AE05-60B4-4ECE-AEFA-3A230DAEBCA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36FBF185-3189-40C2-B51B-2531F2D88602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C62AFF32-856E-4EF9-A87F-C06B6FEEE31F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57C746CB-8DFE-4795-931F-42050D7FBEB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"986B653D-5CF2-454C-A38F-172D2256E20C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF5E8C63-D68F-4ACA-B0DC-1D9EF6A3BFA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD56E555-180D-45C3-9311-EFB32F480035\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74215553-AB86-4184-B3AB-D82B20275ED6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5044754F-66CD-4D17-8874-7303D9F2DCE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC674046-FC4F-4262-8F71-4DEECAEC1A1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A621722-6DD4-461D-AD74-461B9C10C772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B5B77E9-F98C-4310-8D6A-E41A27CD559A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.5.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6E9824F-8977-4CE6-BA05-E8899E41066E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF58A998-52F0-4BCA-9FF7-FCCC28E6FCE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2327CA9-5A80-4C86-BAF6-A9E3BB7085C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6627D143-6E8D-40DE-BBD0-308FF1B200D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1AE49CA-424E-4328-A348-98F2C847D8FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19E88BF9-1403-40F9-A64E-A1FEFEFC4E2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E12D5C4-4BC6-4802-B5CE-5D5A41FB3B71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FD4201A-64B5-4DCC-9696-BD0F8780D200\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3FEDD7F-969D-422C-A899-9550EC52EBD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F37EBCB6-8056-466C-B2AB-385DF48EEA8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:systemtap:systemtap:0.9.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D795EA7-04FC-4D0E-9944-6C9D4882A897\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/38154\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38216\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38765\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/39656\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sourceware.org/bugzilla/show_bug.cgi?id=11105\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sourceware.org/ml/systemtap/2010-q1/msg00142.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0124.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0169\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1001\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=550172\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38154\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38765\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39656\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceware.org/bugzilla/show_bug.cgi?id=11105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceware.org/ml/systemtap/2010-q1/msg00142.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0124.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=550172\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.