RHSA-2010:0124: Important: systemtap security update
First published: Mon Mar 01 2010(Updated: )
SystemTap is an instrumentation system for systems running the Linux<br>kernel, version 2.6. Developers can write scripts to collect data on the<br>operation of the system.<br>A flaw was found in the SystemTap compile server, stap-server, an optional<br>component of SystemTap. This server did not adequately sanitize input<br>provided by the stap-client program, which may allow a remote user to<br>execute arbitrary shell code with the privileges of the compile server<br>process, which could possibly be running as the root user. (CVE-2009-4273)<br>Note: stap-server is not run by default. It must be started by a user or<br>administrator.<br>A buffer overflow flaw was found in SystemTap's tapset __get_argv()<br>function. If a privileged user ran a SystemTap script that called this<br>function, a local, unprivileged user could, while that script is still<br>running, trigger this flaw and cause memory corruption by running a command<br>with a large argument list, which may lead to a system crash or,<br>potentially, arbitrary code execution with root privileges. (CVE-2010-0411)<br>Note: SystemTap scripts that call __get_argv(), being a privileged<br>function, can only be executed by the root user or users in the stapdev<br>group. As well, if such a script was compiled and installed by root, users<br>in the stapusr group would also be able to execute it.<br>SystemTap users should upgrade to these updated packages, which contain<br>backported patches to correct these issues.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/systemtap | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
| redhat/systemtap | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
| redhat/systemtap-client | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
| redhat/systemtap-initscript | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
| redhat/systemtap-runtime | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
| redhat/systemtap-sdt-devel | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
| redhat/systemtap-sdt-devel | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
| redhat/systemtap-server | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
| redhat/systemtap-testsuite | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
| redhat/systemtap-client | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
| redhat/systemtap-initscript | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
| redhat/systemtap-runtime | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
| redhat/systemtap-server | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
| redhat/systemtap-testsuite | <0.9.7-5.el5_4.3 | 0.9.7-5.el5_4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2010:0124
- agent/software-canonical-lookup
- package-manager/redhat