SciLinux: CVE-2009-4273 Important: systemtap SL5.x i386/x86_64
Summary
A flaw was found in the SystemTap compile server, stap-server, anoptional component of SystemTap. This server did not adequately sanitizeinput provided by the stap-client program, which may allow a remote userto execute arbitrary shell code with the privileges of the compileserver process, which could possibly be running as the root user.(CVE-2009-4273)Note: stap-server is not run by default. It must be started by a user oradministrator.A buffer overflow flaw was found in SystemTap's tapset __get_argv()function. If a privileged user ran a SystemTap script that called thisfunction, a local, unprivileged user could, while that script is stillrunning, trigger this flaw and cause memory corruption by running acommand with a large argument list, which may lead to a system crash or,potentially, arbitrary code execution with root privileges. (CVE-2010-0411)Note: SystemTap scripts that call __get_argv(), being a privilegedfunction, can only be executed by the root user or users in the stapdevgroup. As well, if such a script was compiled and installed by root,users in the stapusr group would also be able to execute it.SL 5.xSRPMS:systemtap-0.9.7-5.el5_4.3.src.rpmi386:systemtap-0.9.7-5.el5_4.3.i386.rpmsystemtap-client-0.9.7-5.el5_4.3.i386.rpmsystemtap-initscript-0.9.7-5.el5_4.3.i386.rpmsystemtap-runtime-0.9.7-5.el5_4.3.i386.rpmsystemtap-sdt-devel-0.9.7-5.el5_4.3.i386.rpmsystemtap-server-0.9.7-5.el5_4.3.i386.rpmsystemtap-testsuite-0.9.7-5.el5_4.3.i386.rpmx86_64:systemtap-0.9.7-5.el5_4.3.x86_64.rpmsystemtap-client-0.9.7-5.el5_4.3.x86_64.rpmsystemtap-initscript-0.9.7-5.el5_4.3.x86_64.rpmsystemtap-runtime-0.9.7-5.el5_4.3.x86_64.rpmsystemtap-sdt-devel-0.9.7-5.el5_4.3.i386.rpmsystemtap-sdt-devel-0.9.7-5.el5_4.3.x86_64.rpmsystemtap-server-0.9.7-5.el5_4.3.x86_64.rpmsystemtap-testsuite-0.9.7-5.el5_4.3.x86_64.rpm-Connie Sieh-Troy Dawson