Input validation error in SystemTap - CVE-2011-1769
Published: August 30, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU44763
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2011-1769
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: SystemTap
Affected software:
SystemTap
SystemTap
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access.
How to mitigate CVE-2011-1769
Install update from vendor's website.
Sources
- http://openwall.com/lists/oss-security/2011/05/20/2
- http://secunia.com/advisories/44802
- http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:154
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:155
- http://www.securityfocus.com/bid/47934
- https://bugzilla.redhat.com/show_bug.cgi?id=702687
- https://rhn.redhat.com/errata/RHSA-2011-0842.html