PT-2010-1072 · Systemtap+1 · Systemtap-Client+7
Vincent Danen · Published 2010-01-26 · Updated 2024-06-15
CVE-2009-4273
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
systemtap-testsuite versions 0.9.7
systemtap-server versions 0.9.7
systemtap-client versions 0.9.7
systemtap-initscript versions 0.9.7
systemtap-runtime versions 0.9.7
systemtap versions 0.9.7
systemtap-sdt-devel versions 0.9.7
Description
The issue involves multiple vulnerabilities in the systemtap package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. According to Mitre, the stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
Recommendations
For systemtap-testsuite version 0.9.7, update to a version that contains a fix for this issue.
For systemtap-server version 0.9.7, update to a version that contains a fix for this issue.
For systemtap-client version 0.9.7, update to a version that contains a fix for this issue.
For systemtap-initscript version 0.9.7, update to a version that contains a fix for this issue.
For systemtap-runtime version 0.9.7, update to a version that contains a fix for this issue.
For systemtap version 0.9.7, update to a version that contains a fix for this issue.
For systemtap-sdt-devel version 0.9.7, update to a version that contains a fix for this issue.
As a temporary workaround, consider disabling the stap-server until a patch is available. Restrict access to the systemtap package to minimize the risk of exploitation. Avoid using the stap command-line arguments in the affected systemtap package until the issue is resolved.
Exploit
Fix
RCE
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat
Systemtap
Systemtap-Client
Systemtap-Initscript
Systemtap-Runtime
Systemtap-Sdt-Devel
Systemtap-Server
Systemtap-Testsuite