--%> SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)
[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-0411

Date: (C)2010-02-08   (M)2017-09-19
 
CVSS Score: 4.9Access Vector: LOCAL
Exploitability Subscore: 3.9Access Complexity: LOW
Impact Subscore: 6.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: COMPLETE











Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.

Reference:
SECTRACK-1023664
BID-38120
SECUNIA-38426
SECUNIA-38680
SECUNIA-38765
SECUNIA-38817
SECUNIA-39656
ADV-2010-1001
FEDORA-2010-1373
FEDORA-2010-1720
RHSA-2010:0124
RHSA-2010:0125
SUSE-SR:2010:010
http://marc.info/?l=oss-security&m=126530657715364&w=2
http://sourceware.org/bugzilla/show_bug.cgi?id=11234
http://sourceware.org/git/gitweb.cgi?p=systemtap.git;a=commit;h=a2d399c87a642190f08ede63dc6fc434a5a8363a
https://bugzilla.redhat.com/show_bug.cgi?id=559719

CPE    1
cpe:/a:systemtap:systemtap:1.1
CWE    1
CWE-189
OVAL    8
oval:org.secpod.oval:def:500353
oval:org.secpod.oval:def:200036
oval:org.secpod.oval:def:200148
oval:org.secpod.oval:def:100327
...

© 2013 SecPod Technologies