CVE-2012-0875: systemtap memory disclosure/kernel panic when processing malformed DWARF unwind data

Related Vulnerabilities: CVE-2012-0875  

Debian Bug report logs - #660886
CVE-2012-0875: systemtap memory disclosure/kernel panic when processing malformed DWARF unwind data


Reported by: Timo Juhani Lindfors <timo.lindfors@iki.fi>

Date: Wed, 22 Feb 2012 17:15:05 UTC

Severity: grave

Tags: security

Merged with 660929

Found in version systemtap/1.7-1~experimental1

Fixed in version systemtap/1.7-1

Done: Timo Juhani Lindfors <timo.lindfors@iki.fi>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Ritesh Raj Sarraf <rrs@debian.org>:
Bug#660886; Package systemtap. (Wed, 22 Feb 2012 17:15:08 GMT)


Acknowledgement sent to Timo Juhani Lindfors <timo.lindfors@iki.fi>:
New Bug report received and forwarded. Copy sent to Ritesh Raj Sarraf <rrs@debian.org>. (Wed, 22 Feb 2012 17:15:08 GMT)


Message #5 received at submit@bugs.debian.org:

From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-0875: systemtap memory disclosure/kernel panic when processing malformed DWARF unwind data
Date: Wed, 22 Feb 2012 19:12:13 +0200
Package: systemtap
Version: 1.7-1~experimental1
Severity: important
Tags: security

Quoting upstream announcement. Squeeze is not vulnerable:

From: Vincent Danen <vdanen@redhat.com>
Subject: CVE-2012-0875: systemtap memory disclosure/kernel panic when processing malformed DWARF unwind data
To: oss-security@lists.openwall.com
Cc: systemtap@sourceware.org
Date: Wed, 22 Feb 2012 10:04:37 -0700

A flaw was discovered [1] in how systemtap handled DWARF expressions
when unwinding the stack.  This could result in an invalid pointer read,
leading to reading kernel memory, or a kernel panic (and if the kernel
reboot on panic flag was set (panic_on_oops), it would cause the system
to reboot).

In order to trigger this flaw, an admin would have to enable
unprivileged mode (giving users membership in the 'stapusr' group and
configuring the local machine with 'signer,all-users' stap-server
trust). If an admin has enabled unprivileged mode, a user with such
access could use this to crash the local machine.

A workaround is to disable unprivileged mode.

This will be corrected in a forthcoming upstream release of systemtap,
and is currently fixed in git [2].  It is believed that this flaw was
introduced via git commit 16d59279f [3], so would affect systemtap >=
1.4.

[1] http://sourceware.org/bugzilla/show_bug.cgi?id=13714
[2] http://sourceware.org/git/?p=systemtap.git;a=commit;h=64b0cff3b
[3] http://sourceware.org/git/?p=systemtap.git;a=commit;h=16d59279f

This is tracked in the Red Hat bugzilla via:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0875

and is assigned the name CVE-2012-0875.

-- 
Vincent Danen / Red Hat Security Response Team



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages systemtap depends on:
ii  libavahi-client3   0.6.30-6
ii  libavahi-common3   0.6.30-6
ii  libc6              2.13-26
ii  libdw1             0.152-1+b1
ii  libelf1            0.152-1+b1
ii  libgcc1            1:4.6.2-12
ii  libnspr4-0d        4.8.9-1
ii  libnss3-1d         3.13.1.with.ckbi.1.88-1
ii  libsqlite3-0       3.7.9-2
ii  libstdc++6         4.6.2-12
ii  make               3.81-8.1
ii  systemtap-common   1.7-1~experimental1
ii  systemtap-runtime  1.7-1~experimental1

systemtap recommends no packages.

Versions of packages systemtap suggests:
pn  linux-debug                                  <none>
pn  linux-headers-3.0.0-1-amd64 [linux-headers]  3.0.0-3
pn  linux-headers-3.1.0-1-amd64 [linux-headers]  3.1.8-2
pn  linux-headers-3.2.0-1-amd64 [linux-headers]  3.2.4-1
pn  linux-headers-amd64 [linux-headers]          3.2+43
pn  linux-image-3.0.0-1-amd64 [linux-image]      3.0.0-3
pn  linux-image-3.1.0-1-amd64 [linux-image]      3.1.8-2
pn  linux-image-3.2.0-1-amd64 [linux-image]      3.2.4-1
pn  systemtap-doc                                1.7-1~experimental1
pn  vim-addon-manager                            <none>

-- no debconf information
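
An added example, not part of the original report or of systemtap: a triage helper that decides whether an installed Debian systemtap version falls in the range this log gives (upstream believes >= 1.4 is affected, Debian fix in 1.7-1) and lists who is in the 'stapusr' group named in the workaround. It implements dpkg's version ordering so that 1.7-1~experimental1 correctly sorts before 1.7-1; the function names are hypothetical, the sample inputs in the usage note are constructed, and the 'signer,all-users' trust setting is not checked.

```python
import re
from itertools import zip_longest

# Bounds taken from this bug log: upstream believes >= 1.4 is affected,
# and the Debian package is fixed in 1.7-1.
FIRST_AFFECTED, FIXED_IN = "1.4", "1.7-1"

def _rank(ch):
    # dpkg ordering: '~' sorts before end-of-string, letters before punctuation.
    if ch in ("", "~"):
        return -1 if ch == "~" else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs of an upstream or revision string.
    tok = re.compile(r"(\D*)(\d*)").findall
    for (sa, na), (sb, nb) in zip_longest(tok(a), tok(b), fillvalue=("", "")):
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _rank(ca) != _rank(cb):
                return -1 if _rank(ca) < _rank(cb) else 1
        da, db = int(na or 0), int(nb or 0)
        if da != db:
            return -1 if da < db else 1
    return 0

def _split(version):
    epoch, _, rest = version.rpartition(":")
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch or 0), upstream, rev

def deb_cmp(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_affected(version):
    # Affected when FIRST_AFFECTED <= version < FIXED_IN.
    return deb_cmp(version, FIRST_AFFECTED) >= 0 and deb_cmp(version, FIXED_IN) < 0

def stapusr_members(group_line):
    # One `getent group stapusr` line: name:passwd:gid:member,member
    fields = group_line.strip().split(":")
    return [m for m in fields[3].split(",") if m] if len(fields) == 4 else []

def exposure(version, group_line):
    if not is_affected(version):
        return "not affected"
    members = stapusr_members(group_line)
    return "affected; stapusr members: " + (",".join(members) or "none")
```

On a live host the two inputs come from `dpkg-query -W -f='${Version}' systemtap` and `getent group stapusr`; for instance `exposure("1.6-1", "stapusr:x:118:alice")` reports an affected package with one unprivileged-mode user.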




Severity set to 'grave' from 'important' Request was from Timo Juhani Lindfors <timo.lindfors@iki.fi> to control@bugs.debian.org. (Wed, 22 Feb 2012 23:18:11 GMT)


Bug reassigned from package 'systemtap' to 'src:systemtap'. Request was from Timo Juhani Lindfors <timo.lindfors@iki.fi> to control@bugs.debian.org. (Wed, 22 Feb 2012 23:18:11 GMT)


Merged 660886 660929. Request was from Timo Juhani Lindfors <timo.lindfors@iki.fi> to control@bugs.debian.org. (Wed, 22 Feb 2012 23:18:12 GMT)


Reply sent to Timo Juhani Lindfors <timo.lindfors@iki.fi>:
You have taken responsibility. (Wed, 14 Mar 2012 16:09:08 GMT)


Notification sent to Timo Juhani Lindfors <timo.lindfors@iki.fi>:
Bug acknowledged by developer. (Wed, 14 Mar 2012 16:09:08 GMT)


Message #16 received at 660886-close@bugs.debian.org:

From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
To: 660886-close@bugs.debian.org
Subject: Bug#660886: fixed in systemtap 1.7-1
Date: Wed, 14 Mar 2012 16:06:50 +0000
Source: systemtap
Source-Version: 1.7-1

We believe that the bug you reported is fixed in the latest version of
systemtap, which is due to be installed in the Debian FTP archive:

systemtap-client_1.7-1_amd64.deb
  to main/s/systemtap/systemtap-client_1.7-1_amd64.deb
systemtap-common_1.7-1_all.deb
  to main/s/systemtap/systemtap-common_1.7-1_all.deb
systemtap-doc_1.7-1_all.deb
  to main/s/systemtap/systemtap-doc_1.7-1_all.deb
systemtap-grapher_1.7-1_amd64.deb
  to main/s/systemtap/systemtap-grapher_1.7-1_amd64.deb
systemtap-runtime_1.7-1_amd64.deb
  to main/s/systemtap/systemtap-runtime_1.7-1_amd64.deb
systemtap-sdt-dev_1.7-1_amd64.deb
  to main/s/systemtap/systemtap-sdt-dev_1.7-1_amd64.deb
systemtap-server_1.7-1_amd64.deb
  to main/s/systemtap/systemtap-server_1.7-1_amd64.deb
systemtap_1.7-1.debian.tar.gz
  to main/s/systemtap/systemtap_1.7-1.debian.tar.gz
systemtap_1.7-1.dsc
  to main/s/systemtap/systemtap_1.7-1.dsc
systemtap_1.7-1_amd64.deb
  to main/s/systemtap/systemtap_1.7-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 660886@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Juhani Lindfors <timo.lindfors@iki.fi> (supplier of updated systemtap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 14 Mar 2012 14:23:00 +0200
Source: systemtap
Binary: systemtap systemtap-common systemtap-runtime systemtap-doc systemtap-server systemtap-client systemtap-sdt-dev systemtap-grapher
Architecture: source amd64 all
Version: 1.7-1
Distribution: unstable
Urgency: low
Maintainer: Ritesh Raj Sarraf <rrs@debian.org>
Changed-By: Timo Juhani Lindfors <timo.lindfors@iki.fi>
Description: 
 systemtap  - instrumentation system for Linux
 systemtap-client - instrumentation system for Linux (client for compile server)
 systemtap-common - instrumentation system for Linux (common component)
 systemtap-doc - documentation and examples for SystemTap
 systemtap-grapher - instrumentation system for Linux (grapher)
 systemtap-runtime - instrumentation system for Linux (runtime component)
 systemtap-sdt-dev - statically defined probes development files
 systemtap-server - instrumentation system for Linux (compile server)
Closes: 660886 660929
Changes: 
 systemtap (1.7-1) unstable; urgency=low
 .
   * Explicitly list supported architectures of systemtap-sdt-dev.
   * Bump Standards-Version to 3.9.3, no changes were needed
   * Apply upstream fix for CVE-2012-0875 (Closes: #660886, #660929)





Reply sent to Timo Juhani Lindfors <timo.lindfors@iki.fi>:
You have taken responsibility. (Wed, 14 Mar 2012 16:09:09 GMT)


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Wed, 14 Mar 2012 16:09:09 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 12 Apr 2012 07:36:27 GMT)

