Summary
This host has SystemTap installed and is prone to multiple Denial of Service vulnerabilities.
Vulnerabilities Insight:
Multiple errors occur when SystemTap is running in 'unprivileged' mode:
- An error within the handling of the unwind table and CIE/CFI records
- A buffer overflow error when processing a large number of parameters
- A stack overflow when processing DWARF information
Impact
Attackers can exploit this issue to execute arbitrary code and cause a denial of service or compromise a vulnerable system.
Impact Level: System/Application.
Solution
Apply the patches from:
- https://bugzilla.redhat.com/attachment.cgi?id=365293
- https://bugzilla.redhat.com/attachment.cgi?id=365294
- https://bugzilla.redhat.com/attachment.cgi?id=365413
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Affected
SystemTap version 1.0 and prior.
Severity
Classification
- CVE: CVE-2009-2911
- CVSS Base Score: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Wireshark IEEE 802.11 Dissector Denial of Service Vulnerability (Mac OS X)
- Wireshark PPP And NFS Dissector Denial of Service Vulnerabilities (Mac OS X)
- Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
- SystemTap Unprivileged Mode Multiple Denial Of Service Vulnerabilities
- Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability