Test ID: | 1.3.6.1.4.1.25623.1.0.66965 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2010:0125 |
Summary: | NOSUMMARY |
Description: | The remote host is missing updates announced in advisory RHSA-2010:0125.

SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system.

A buffer overflow flaw was found in SystemTap's tapset __get_argv() function. If a privileged user ran a SystemTap script that called this function, a local, unprivileged user could, while that script is still running, trigger this flaw and cause memory corruption by running a command with a large argument list, which may lead to a system crash or, potentially, arbitrary code execution with root privileges. (CVE-2010-0411)

Note: SystemTap scripts that call __get_argv(), being a privileged function, can only be executed by the root user or users in the stapdev group. As well, if such a script was compiled and installed by root, users in the stapusr group would also be able to execute it.

SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0125.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor: Medium
CVSS Score: 4.9 |
Cross-Ref: | Common Vulnerability Exposure (CVE) ID: CVE-2010-0411
1023664 http://securitytracker.com/id?1023664
38120 http://www.securityfocus.com/bid/38120
38426 http://secunia.com/advisories/38426
38680 http://secunia.com/advisories/38680
38765 http://secunia.com/advisories/38765
38817 http://secunia.com/advisories/38817
39656 http://secunia.com/advisories/39656
ADV-2010-1001 http://www.vupen.com/english/advisories/2010/1001
FEDORA-2010-1373 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html
FEDORA-2010-1720 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html
RHSA-2010:0124 http://www.redhat.com/support/errata/RHSA-2010-0124.html
RHSA-2010:0125 http://www.redhat.com/support/errata/RHSA-2010-0125.html
SUSE-SR:2010:010 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
[oss-security] 20100204 systemtap DoS issue (CVE-2010-0411) http://marc.info/?l=oss-security&m=126530657715364&w=2
http://sourceware.org/bugzilla/show_bug.cgi?id=11234
http://sourceware.org/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=a2d399c87a642190f08ede63dc6fc434a5a8363a
https://bugzilla.redhat.com/show_bug.cgi?id=559719
oval:org.mitre.oval:def:9675 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9675 |
Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |