stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Systemtap
  • Systemtap

Configuration 1 [-]

OR cpe:2.3:a:systemtap:systemtap:*:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.3:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.4:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.7:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.8:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.9:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.10:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.12:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.13:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.5.14:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.6:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.7:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.8:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.9:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:systemtap:systemtap:0.9.9:*:*:*:*:*:*:*
References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html Patch
http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://secunia.com/advisories/38154 Vendor Advisory
http://secunia.com/advisories/38216 Vendor Advisory
http://secunia.com/advisories/38765
http://secunia.com/advisories/39656
http://sourceware.org/bugzilla/show_bug.cgi?id=11105
http://sourceware.org/ml/systemtap/2010-q1/msg00142.html
http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz Patch
http://www.redhat.com/support/errata/RHSA-2010-0124.html
http://www.vupen.com/english/advisories/2010/0169 Vendor Advisory
http://www.vupen.com/english/advisories/2010/1001
https://bugzilla.redhat.com/show_bug.cgi?id=550172
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2010-01-26T18:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2009-12-10T00:00:00

Link: CVE-2009-4273

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2010-01-26T18:30:00.963

Modified: 2023-02-13T01:18:01.057

Link: CVE-2009-4273

JSON object: View

cve-icon Redhat Information

No data.

CWE