Published: 26/01/2010 Updated: 13/02/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

stap-server in SystemTap prior to 1.1 allows remote malicious users to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
systemtap systemtap
systemtap systemtap 0.3
systemtap systemtap 0.9.5
systemtap systemtap 0.4
systemtap systemtap 0.6.2
systemtap systemtap 0.5.10
systemtap systemtap 0.8
systemtap systemtap 0.9
systemtap systemtap 0.5.14
systemtap systemtap 0.7.2
systemtap systemtap 0.9.8
systemtap systemtap 0.7
systemtap systemtap 0.5.12
systemtap systemtap 0.5.4
systemtap systemtap 0.6
systemtap systemtap 0.5.7
systemtap systemtap 0.9.7
systemtap systemtap 0.9.9
systemtap systemtap 0.5.8
systemtap systemtap 0.5.3
systemtap systemtap 0.2.2
systemtap systemtap 0.5.5
systemtap systemtap 0.5.13
systemtap systemtap 0.5.9
systemtap systemtap 0.5

Synopsis Important: systemtap security update Type/Severity Security Advisory: Important Topic Updated systemtap packages that fix two security issues are now availablefor Red Hat Enterprise Linux 5This update has been rated as having important security impact by the RedHat Security Response Team ...

Debian Bug report logs - #568865 CVE-2009-4273: stap-server in SystemTap before 11 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request Package: systemtap; Maintainer for systemtap is Ritesh Raj Sarraf <rrs@debianorg>; Source for systemtap is src:systemtap (PTS, ...

source: wwwsecurityfocuscom/bid/37842/info SystemTap is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application Versions prior to SystemTap 11 a ...

CWE-94 http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html http://sourceware.org/ml/systemtap/2010-q1/msg00142.html http://sourceware.org/bugzilla/show_bug.cgi?id=11105 https://bugzilla.redhat.com/show_bug.cgi?id=550172 http://www.vupen.com/english/advisories/2010/0169 http://secunia.com/advisories/38216 http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html http://secunia.com/advisories/38154 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html http://www.redhat.com/support/errata/RHSA-2010-0124.html http://secunia.com/advisories/38765 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html http://secunia.com/advisories/39656 http://www.vupen.com/english/advisories/2010/1001 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417 https://access.redhat.com/errata/RHSA-2010:0124 https://nvd.nist.gov https://www.exploit-db.com/exploits/33535/

CVE-2009-4273

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect