CVE-2010-0411

Name of the Vulnerable Software and Affected Versions systemtap-testsuite versions 0.9.7 systemtap-server versions 0.9.7 systemtap-client versions 0.9.7 systemtap-initscript versions 0.9.7 systemtap-runtime versions 0.9.7 systemtap versions 0.9.7 systemtap-sdt-devel versions 0.9.7

Description The issue involves multiple vulnerabilities in the systemtap package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Additionally, there are integer signedness errors in the get argv and get compat argv functions in tapset/aux syscalls.stp in SystemTap, allowing local users to cause a denial of service via a process with a large number of arguments, leading to a buffer overflow.

Recommendations For systemtap-testsuite version 0.9.7, update to a newer version to mitigate the risk. For systemtap-server version 0.9.7, update to a newer version to mitigate the risk. For systemtap-client version 0.9.7, update to a newer version to mitigate the risk. For systemtap-initscript version 0.9.7, update to a newer version to mitigate the risk. For systemtap-runtime version 0.9.7, update to a newer version to mitigate the risk. For systemtap version 0.9.7, update to a newer version to mitigate the risk. For systemtap-sdt-devel version 0.9.7, update to a newer version to mitigate the risk. As a temporary workaround, consider disabling the get argv and get compat argv functions until a patch is available.