PT-2012-1085 · Red Hat+2 · Systemtap+3
CVE-2012-0875
·
Publicado
2012-03-08
·
Atualizado
2023-02-13
CVSS v2.0
5.4
Média
| Vetor | AV:L/AC:M/Au:N/C:P/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
SystemTap versions 1.6, 1.7 and probably other versions
SystemTap versions prior to 2.0
Description
The issue allows local users to obtain sensitive information from kernel memory or cause a denial of service via vectors related to crafted DWARF data. This can trigger a read of an invalid pointer, leading to a kernel panic and crash. The vulnerability can be exploited locally, potentially leading to a breach of confidentiality and availability of protected information.
Recommendations
For SystemTap versions 1.6 and 1.7, consider disabling unprivileged mode until a patch is available.
For SystemTap versions prior to 2.0, update to version 2.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the SystemTap package to minimize the risk of exploitation.
Correção
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Centos
Red Hat
Suse
Systemtap