Summary
This host has SystemTap installed and is prone to multiple Denial of Service vulnerabilities.
Vulnerability Insight
Multiple errors occur when SystemTap is running in 'unprivileged' mode:
- An error in the handling of the unwind table and CIE/CFI records
- A buffer overflow error when processing a large number of parameters
- A stack overflow when processing DWARF information
Impact
Attackers can exploit this issue to execute arbitrary code and cause a denial of service or compromise a vulnerable system.
Impact Level: System/Application.
Solution
Apply the patches from:
- https://bugzilla.redhat.com/attachment.cgi?id=365293
- https://bugzilla.redhat.com/attachment.cgi?id=365294
- https://bugzilla.redhat.com/attachment.cgi?id=365413
*****
NOTE: Ignore this warning if the above-mentioned patches are already applied.
*****
Affected
SystemTap version 1.0 and prior.
References
Severity
Classification
- CVE: CVE-2009-2911
- CVSS Base Score: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability
- Wireshark SMB dissector Denial of Service Vulnerability (Windows)
- PHP 'mbstring.func_overload' DoS Vulnerability
- Microsoft IIS FTP Server 'ls' Command DOS Vulnerability
- Oracle VM VirtualBox Local Denial of Service Vulnerability-01 Oct2013 (Windows)