CVE-2009-0784

Name of the Vulnerable Software and Affected Versions SystemTap stap tool versions 0.0.20080705 through 0.0.20090314 systemtap-client version 0.7.2 systemtap-testsuite version 0.7.2 systemtap-runtime version 0.7.2 systemtap-server version 0.7.2 systemtap version 0.7.2

Description The issue is related to a race condition in the SystemTap stap tool, which allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation of the vulnerability can be carried out locally.

Recommendations For SystemTap stap tool versions 0.0.20080705 through 0.0.20090314, consider disabling the stap tool until a patch is available. For systemtap-client version 0.7.2, restrict access to the client to minimize the risk of exploitation. For systemtap-testsuite version 0.7.2, avoid using the testsuite until the issue is resolved. For systemtap-runtime version 0.7.2, consider disabling the runtime environment until a patch is available. For systemtap-server version 0.7.2, restrict access to the server to minimize the risk of exploitation. For systemtap version 0.7.2, consider disabling the systemtap functionality until a patch is available.