
Bug 308053 (CVE-2010-0411)

Summary: dev-util/systemtap: Denial of Service and Privilege Escalation Vulnerabilities (CVE-2010-{0411,0412,4170,4171})
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: swegener
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugzilla.redhat.com/show_bug.cgi?id=559719
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:41:15 UTC
CVE-2010-0411 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0411):
  Multiple integer signedness errors in the (1) __get_argv and (2)
  __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap
  1.1 allow local users to cause a denial of service (script crash, or
  system crash or hang) via a process with a large number of arguments,
  leading to a buffer overflow.
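The CVE text above describes an integer signedness error: a byte count that is tracked in a signed integer, compared with a signed bounds check, and then handed to a copy routine as an unsigned length. The following is an added illustration of that bug class and its hardened counterpart, written for this page; it is not SystemTap's code and does not reproduce tapset/aux_syscalls.stp. The buffer size ARGBUF, the function names, and the synthetic argument counts are assumptions chosen to show the wrap without touching real memory: the functions only compute the length a copy would use, and never perform the copy.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define ARGBUF 4096  /* assumed fixed-size destination buffer for the joined argv */

/*
 * Vulnerable pattern (hypothetical): the total byte count of all arguments is
 * accumulated and then kept in a signed int, and the bounds check is signed.
 * With enough arguments the count wraps negative, the check "passes", and the
 * negative value becomes an enormous size_t when passed to memcpy-style code.
 * Returns 1 if the copy would proceed and stores the length it would use.
 * (Accumulating in unsigned and converting to int keeps the demo free of
 * signed-overflow UB; the int conversion wraps on two's-complement targets.)
 */
int vuln_copy_len(size_t nargs, size_t arg_len, size_t *copy_len)
{
    unsigned int acc = 0;
    for (size_t i = 0; i < nargs; i++)
        acc += (unsigned int)arg_len + 1;   /* +1 for each NUL terminator */
    int total = (int)acc;                    /* negative once acc > INT_MAX */

    if (total < ARGBUF) {                    /* a negative total satisfies this */
        *copy_len = (size_t)total;           /* negative int -> huge size_t */
        return 1;
    }
    return 0;
}

/*
 * Hardened version: unsigned arithmetic only, a per-argument check against
 * the space actually remaining, and truncation instead of overrun.
 * Returns the number of bytes that would be copied, always < ARGBUF so a
 * terminating NUL still fits.
 */
size_t safe_copy_len(size_t nargs, size_t arg_len)
{
    size_t remaining = ARGBUF - 1;           /* reserve one byte for the NUL */
    size_t total = 0;
    for (size_t i = 0; i < nargs; i++) {
        /* need arg_len + 1 bytes; this test also avoids overflow in arg_len + 1 */
        if (arg_len >= remaining)
            break;                           /* truncate at a whole argument */
        size_t need = arg_len + 1;
        total += need;
        remaining -= need;
    }
    return total;
}

int main(void)
{
    /* Constructed inputs: 600000 arguments of 4095 bytes each is enough to
       push the signed int past INT_MAX but keep the unsigned sum below 2^32. */
    size_t n = 0;
    int ok = vuln_copy_len(600000, 4095, &n);
    printf("vulnerable: accepted=%d copy_len=%zu (buffer is %d)\n", ok, n, ARGBUF);
    printf("hardened:   copy_len=%zu\n", safe_copy_len(600000, 4095));
    printf("hardened, small input: copy_len=%zu\n", safe_copy_len(10, 1000));
    return 0;
}
```

The signed check "passes" for the wrapped value, so the vulnerable path reports a copy length far larger than ARGBUF, which is exactly the script or kernel crash the advisory describes; the hardened path stops at the last argument that fits.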

Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:47:37 UTC
CVE-2010-0412 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0412):
  stap-server in SystemTap 1.1 does not properly restrict the value of
  the -B (aka BUILD) option, which allows attackers to have an
  unspecified impact via vectors associated with executing the make
  program, a different vulnerability than CVE-2009-4273.

Comment 2 Tim Sammut (RETIRED) gentoo-dev 2010-11-19 06:42:25 UTC
Two more vulnerabilities in dev-util/systemtap. Upstream commit at:

http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2

To resolve these vulnerabilities, we should do one of the following:
 - bump to 1.3 and add the change at the above commit.
 - bump to the release after 1.3 when it is available.

Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-05-28 18:37:02 UTC
=dev-util/systemtap-1.4 is in the tree and contains the fix for this. Closing NOGLSA.