Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2010-0412 CVE-2010-0411

Source

Debian Bug report logs - #572560
CVE-2010-0412: Inproper restriction of "-B" option

Package: systemtap; Maintainer for systemtap is Ritesh Raj Sarraf <rrs@debian.org>; Source for systemtap is src:systemtap (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 4 Mar 2010 21:24:01 UTC

Severity: important

Tags: security

Fixed in versions systemtap/1.3-1, systemtap/1.2-4

Done: Ritesh Raj Sarraf <rrs@researchut.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Євгеній Мещеряков <eugen@debian.org>:
Bug#572560; Package systemtap. (Thu, 04 Mar 2010 21:24:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Євгеній Мещеряков <eugen@debian.org>. (Thu, 04 Mar 2010 21:24:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: systemtap
Severity: important
Tags: security

There's another systemtap vulnerability. Please investigate:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0412
http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages systemtap depends on:
ii  libc6                         2.10.2-5   Embedded GNU C Library: Shared lib
ii  libelf1                       0.145-1    library to read and write ELF file
ii  libgcc1                       1:4.4.3-2  GCC support library
ii  libsqlite3-0                  3.6.22-1   SQLite 3 shared library
ii  libstdc++6                    4.4.3-2    The GNU Standard C++ Library v3
pn  systemtap-runtime             <none>     (no description available)

systemtap recommends no packages.

Versions of packages systemtap suggests:
pn  systemtap-doc                 <none>     (no description available)
pn  vim-addon-manager             <none>     (no description available)

Bug Marked as fixed in versions systemtap/1.2-4. Request was from Ritesh Raj Sarraf <rrs@debian.org> to control@bugs.debian.org. (Mon, 22 Nov 2010 09:54:09 GMT) (full text, mbox, link).

Bug Marked as fixed in versions systemtap/1.3-1. Request was from Ritesh Raj Sarraf <rrs@debian.org> to control@bugs.debian.org. (Mon, 22 Nov 2010 09:54:10 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Ritesh Raj Sarraf <rrs@debian.org>:
Bug#572560; Package systemtap. (Wed, 10 Aug 2011 11:46:17 GMT) (full text, mbox, link).

Acknowledgement sent to Timo Juhani Lindfors <timo.lindfors@iki.fi>:
Extra info received and forwarded to list. Copy sent to Ritesh Raj Sarraf <rrs@debian.org>. (Wed, 10 Aug 2011 11:46:22 GMT) (full text, mbox, link).

Message #14 received at 572560@bugs.debian.org (full text, mbox, reply):

Ritesh Raj Sarraf <rrs@researchut.com> writes:
> I don't think this affects the version in squeeze. This one can be
> closed.

Ok and same probably goes for 572560?

-Timo

Message sent on to Moritz Muehlenhoff <jmm@debian.org>:
Bug#572560. (Wed, 10 Aug 2011 11:46:48 GMT) (full text, mbox, link).

Reply sent to rrs@researchut.com:
You have taken responsibility. (Wed, 10 Aug 2011 12:01:47 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Wed, 10 Aug 2011 12:02:06 GMT) (full text, mbox, link).

Message #22 received at 572560-done@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Yes. Marking it as done now.

On 08/10/2011 05:12 PM, Timo Juhani Lindfors wrote:
> Ritesh Raj Sarraf <rrs@researchut.com> writes:
>> I don't think this affects the version in squeeze. This one can be
>> closed.
> Ok and same probably goes for 572560?
>
> -Timo


-- 
Ritesh Raj Sarraf
RESEARCHUT - http://www.researchut.com
"Necessity is the mother of invention."

[signature.asc (application/pgp-signature, attachment)]

Message sent on to Moritz Muehlenhoff <jmm@debian.org>:
Bug#572560. (Wed, 10 Aug 2011 12:03:10 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 08 Sep 2011 07:37:12 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:01:05 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-0412: Inproper restriction of "-B" option

Debian Bug report logs - #572560
CVE-2010-0412: Inproper restriction of "-B" option

Vulmon Search

About

Products

Connect

CVE-2010-0412: Inproper restriction of "-B" option

Debian Bug report logs - #572560 CVE-2010-0412: Inproper restriction of "-B" option

Vulmon Search

About

Products

Connect

Debian Bug report logs - #572560
CVE-2010-0412: Inproper restriction of "-B" option