Rapid7 Vulnerability & Exploit Database

RHSA-2011:0842: systemtap security update

Severity: 1
CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:P)
Published: 08/29/2011
Created: 07/25/2018
Added: 08/29/2011
Modified: 07/04/2017

Description

SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system.

Two divide-by-zero flaws were found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use these flaws to crash the system. Additionally, a privileged user (root, or a member of the stapdev group) could trigger these flaws when tricked into instrumenting a specially-crafted ELF binary, even when unprivileged mode was not enabled. (CVE-2011-1769, CVE-2011-1781)

SystemTap users should upgrade to these updated packages, which contain a backported patch to correct these issues.

Solution(s)

  • redhat-upgrade-systemtap
  • redhat-upgrade-systemtap-client
  • redhat-upgrade-systemtap-debuginfo
  • redhat-upgrade-systemtap-grapher
  • redhat-upgrade-systemtap-initscript
  • redhat-upgrade-systemtap-runtime
  • redhat-upgrade-systemtap-sdt-devel
  • redhat-upgrade-systemtap-server
  • redhat-upgrade-systemtap-testsuite
