[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-2911Date: (C)2009-10-22   (M)2023-12-22


SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 1.9
Exploit Score: 3.4
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
BID-36778
SECUNIA-37167
ADV-2009-2989
FEDORA-2009-10719
FEDORA-2009-10849
http://www.openwall.com/lists/oss-security/2009/10/21/1
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41633
http://sources.redhat.com/bugzilla/show_bug.cgi?id=10750
https://bugzilla.redhat.com/show_bug.cgi?id=529175

CPE    1
cpe:/a:systemtap:systemtap:1.0
CWE    1
CWE-264
OVAL    2
oval:org.secpod.oval:def:101803
oval:org.secpod.oval:def:102468

© SecPod Technologies