Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 290218 (CVE-2009-2911)

Summary: dev-util/systemtap DoS (+privilege escalation?) (CVE-2009-2911)
Product: Gentoo Security Reporter: Alex Legler (RETIRED) <a3li>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: selinux, swegener
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=529175
Whiteboard: ~3? [noglsa]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-23 09:41:11 UTC 
CVE-2009-2911 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2911):
  SystemTap 1.0, when the --unprivileged option is used, does not
  properly restrict certain data sizes, which allows local users to (1)
  cause a denial of service or gain privileges via a print operation
  with a large number of arguments that trigger a kernel stack
  overflow, (2) cause a denial of service via crafted DWARF expressions
  that trigger a kernel stack frame overflow, or (3) cause a denial of
  service (infinite loop) via vectors that trigger creation of large
  unwind tables, related to Common Information Entry (CIE) and Call
  Frame Instruction (CFI) records.
Comment 1 Sven Wegener gentoo-dev 2009-10-31 15:43:11 UTC 
i've commited 1.0-r1 to the tree, grabbing the three patches from redhat.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-31 15:48:58 UTC 
Thank you. Closing noglsa.
Comment 3 Samuli Suominen (RETIRED) gentoo-dev 2009-10-31 15:51:15 UTC 
Security: 

Please note that >=dev-util/systemtap-1 is hardmasked on selinux/ profiles,
which means this fix will not be available for selinux users.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-11-04 04:14:46 UTC 
Earlier versions (before 1.0) did not suffer from this vulnerability, so it is not an issue for them.