CVE-2010-4170 – SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-4170
Description: The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
References:
https://www.exploit-db.com/exploits/46730
https://www.exploit-db.com/exploits/15620
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html
http://packetstormsecurity.com/files/152569/SystemTap-1.3-MODPROBE_OPTIONS-Privilege-Escalation.html
http://secunia.com/advisories/42256
http://secunia.com/advisories/42263
http:
Weakness: CWE-264: Permissions, Privileges, and Access Controls; CWE-284: Improper Access Control

CVE-2010-0412
https://notcve.org/view.php?id=CVE-2010-0412
Description: stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program; this is a different vulnerability than CVE-2009-4273.
References:
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html
http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html
http://www.securityfocus.com/bid/38316
https://exchange.xforce.ibmcloud.com/vulnerabilities/56611

CVE-2010-0411 – SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption
https://notcve.org/view.php?id=CVE-2010-0411
Description: Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
References:
https://www.exploit-db.com/exploits/33604
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://marc.info/?l=oss-security&m=126530657715364&w=2
http://secunia.com/advisories/38426
http://secunia.com/advisories/38680
http://secunia.com/advisories/38765
http://secunia.com/advisories/38817
http://
Weakness: CWE-189: Numeric Errors

CVE-2009-4273 – SystemTap 1.0 - 'stat-server' Arbitrary Command Injection
https://notcve.org/view.php?id=CVE-2009-4273
Description: stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
References:
https://www.exploit-db.com/exploits/33535
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html
http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00
Weakness: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2009-2911
https://notcve.org/view.php?id=CVE-2009-2911
Description: SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.
References:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41633
http://secunia.com/advisories/37167
http://sources.redhat.com/bugzilla/show_bug.cgi?id=10750
http://www.openwall.com/lists/oss-security/2009/10/21/1
http://www.securityfocus.com/bid/36778
http://www.vupen.com/english/advisories/2009/2989
https://bugzilla.redhat.com/show_bug.cgi?id=529175
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00627.html
https://www.redhat.com/archives/fedora-package-anno
Weakness: CWE-264: Permissions, Privileges, and Access Controls