Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201406-04
HistoryJun 05, 2014 - 12:00 a.m.

SystemTap: Denial of service

2014-06-0500:00:00
Gentoo Foundation
security.gentoo.org
8

CVSS2

5.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:N/A:C

EPSS

0

Percentile

5.1%

JSON

Background

SystemTap is a kernel profiling and instrumentation tool.

Description

SystemTap does not properly handle DWARF expressions when unwinding the stack.

Impact

A local attacker with SystemTap permissions could trigger a kernel panic, causing a Denial of Service condition.

Workaround

Disabling unprivileged mode is a temporary workaround for this vulnerability.

Resolution

All SystemTap users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-util/systemtap-2.0"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-util/systemtap< 2.0UNKNOWN

Related

openvas 16
fedora 3
nessus 11
nvd 1
amazon 1
debiancve 1
cvelist 1
centos 1
ubuntucve 1
veracode 1
oraclelinux 1
redhat 1
prion 1
cve 1
openvas
openvas
Fedora Update for systemtap FEDORA-2012-2213
2012-04-02 00:00:00
Fedora Update for systemtap FEDORA-2012-2269
2012-08-30 00:00:00
RedHat Update for systemtap RHSA-2012:0376-01
2012-03-09 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: systemtap-1.7-2.fc16
2012-02-25 08:34:02
[SECURITY] Fedora 17 Update: systemtap-1.7-2.fc17
2012-02-28 10:37:36
[SECURITY] Fedora 15 Update: systemtap-1.7-2.fc15
2012-02-25 08:35:45
nessus
nessus
Fedora 16 : systemtap-1.7-2.fc16 (2012-2213)
2012-02-27 00:00:00
Oracle Linux 5 / 6 : systemtap (ELSA-2012-0376)
2013-07-12 00:00:00
Amazon Linux AMI : systemtap (ALAS-2012-54)
2013-09-04 00:00:00
nvd
nvd
CVE-2012-0875
2014-02-04 23:55:03
amazon
amazon
Medium: systemtap
2012-03-15 19:21:00
debiancve
debiancve
CVE-2012-0875
2014-02-04 23:55:03
cvelist
cvelist
CVE-2012-0875
2014-02-04 19:00:00
centos
centos
systemtap security update
2012-03-08 23:35:54
ubuntucve
ubuntucve
CVE-2012-0875
2014-02-04 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:07:44
oraclelinux
oraclelinux
systemtap security update
2012-03-08 00:00:00
redhat
redhat
(RHSA-2012:0376) Moderate: systemtap security update
2012-03-08 00:00:00
prion
prion
Null pointer dereference
2014-02-04 23:55:00
cve
cve
CVE-2012-0875
2014-02-04 23:55:03

CVSS2

5.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:N/A:C

EPSS

0

Percentile

5.1%

JSON
Related for GLSA-201406-04
openvas16fedora3nessus11nvd1amazon1debiancve1cvelist1centos1ubuntucve1veracode1oraclelinux1redhat1prion1cve1