SystemTap 1.0/1.1 '__get_argv()' and '__get_compat_argv()' Local Memory Corruption Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/38120/info SystemTap is prone to multiple local memory-corruption vulnerabilities. An attacker may exploit these issues to execute arbitrary code with SYSTEM privileges. Failed exploit attempts will result in a denial of...

SystemTap 1.0 'stat-server' Remote Arbitrary Command Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37842/info SystemTap is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with...

openSUSE Security Update : systemtap (openSUSE-SU-2013:0475-1)

This systemtap updated fixes a security issue and bugs : Security fix: Fix kernel panic when processing malformed DWARF unwind data bnc748564 CVE-2012-0875 Also bugs were fixed : - Change how systemtap looks for tracepoint header files bnc796574, new patch: systemtap-build-source-dir.patch - Add...

SystemTap: Denial of service

Background SystemTap is a kernel profiling and instrumentation tool. Description SystemTap does not properly handle DWARF expressions when unwinding the stack. Impact A local attacker with SystemTap permissions could trigger a kernel panic, causing a Denial of Service condition. Workaround...

GLSA-201406-04 : SystemTap: Denial of Service

The remote host is affected by the vulnerability described in GLSA-201406-04 SystemTap: Denial of Service SystemTap does not properly handle DWARF expressions when unwinding the stack. Impact : A local attacker with SystemTap permissions could trigger a kernel panic, causing a Denial of Service...

CVE-2012-0875

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service kernel panic and crash via vectors related to crafted DWARF data, which triggers a read of an invalid pointer...

CVE-2012-0875

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service kernel panic and crash via vectors related to crafted DWARF data, which triggers a read of an invalid pointer...

DEBIAN-CVE-2012-0875

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service kernel panic and crash via vectors related to crafted DWARF data, which triggers a read of an invalid pointer...

Null pointer dereference

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service kernel panic and crash via vectors related to crafted DWARF data, which triggers a read of an invalid pointer...

CVE-2012-0875

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service kernel panic and crash via vectors related to crafted DWARF data, which triggers a read of an invalid pointer...

CVE-2012-0875

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service kernel panic and crash via vectors related to crafted DWARF data, which triggers a read of an invalid pointer...

CVE-2012-0875

Affected software: SystemTap (examples cited: 1.7, 1.6.7; other versions likely affected). Vulnerability cause: When unprivileged mode is enabled, crafted DWARF data can trigger an invalid pointer read, enabling local users to read kernel memory or cause a kernel panic/DoS. Impact: Local informat...

CVE-2012-0875

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service kernel panic and crash via vectors related to crafted DWARF data, which triggers a read of an invalid pointer...

Amazon Linux AMI : systemtap (ALAS-2012-54)

An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system or, potentially, read arbitrary kernel memory...

Oracle Linux 5 : systemtap (ELSA-2011-1089)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-1089 advisory. 1.3-9 - bz716489 patch Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested f...

Oracle Linux 5 : kernel (ELSA-2008-0885)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0885 advisory. - sound sndseqosssynthmakeinfo info leak Eugene Teo 458000 458001 CVE-2008-3272 - mm tmpfs: restore missing clearhighpage Eugene Teo 426082...

Oracle Linux 4 : systemtap (ELSA-2010-0895)

From Red Hat Security Advisory 2010:0895 : Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score,...

Oracle Linux 5 : systemtap (ELSA-2010-0124)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0124 advisory. - rhbz556564-2: CVE-2009-4273 cont'd aka CVE-2010-0412 - rhbz559719: CVE-2010-0411 Tenable has extracted the preceding description block directly from...

Oracle Linux 5 / 6 : systemtap (ELSA-2012-0376)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-0376 advisory. 1.6-5.0.1.el62 - remove doc/SystemTapBeginnersGuide/en-US in tarball - comment bz683569.patch in specfile - remove buildtime dependency on package...

Oracle Linux 5 / 6 : systemtap (ELSA-2010-0894)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0894 advisory. - CVE-2010-4170 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...