[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

111666

 
 

909

 
 

87321

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2010-0411Date: (C)2010-02-08   (M)2018-06-11


Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 3.9
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECTRACK-1023664
BID-38120
SECUNIA-38426
SECUNIA-38680
SECUNIA-38765
SECUNIA-38817
SECUNIA-39656
ADV-2010-1001
FEDORA-2010-1373
FEDORA-2010-1720
RHSA-2010:0124
RHSA-2010:0125
SUSE-SR:2010:010
http://marc.info/?l=oss-security&m=126530657715364&w=2
http://sourceware.org/bugzilla/show_bug.cgi?id=11234
http://sourceware.org/git/gitweb.cgi?p=systemtap.git;a=commit;h=a2d399c87a642190f08ede63dc6fc434a5a8363a
https://bugzilla.redhat.com/show_bug.cgi?id=559719

CPE    1
cpe:/a:systemtap:systemtap:1.1
CWE    1
CWE-189
OVAL    8
oval:org.secpod.oval:def:100327
oval:org.secpod.oval:def:100308
oval:org.secpod.oval:def:201921
oval:org.secpod.oval:def:201717
...

© SecPod Technologies