Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2010-0411

Disclosure Date: February 08, 2010
CVE-2010-0411
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2010-0411 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0411)
BID-38120 (http://www.securityfocus.com/bid/38120)
Advisory
FEDORA-2010-1373 (http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html)
SECUNIA-38817 (http://secunia.com/advisories/38817)
SECUNIA-38426 (http://secunia.com/advisories/38426)
https://bugzilla.redhat.com/show_bug.cgi?id=559719
SECUNIA-39656 (http://secunia.com/advisories/39656)
http://sourceware.org/bugzilla/show_bug.cgi?id=11234
[oss-security] 20100204 systemtap DoS issue (CVE-2010-0411) (http://marc.info?l=oss-security&m=126530657715364&w=2)
SECUNIA-38680 (http://secunia.com/advisories/38680)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9675
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://www.redhat.com/support/errata/RHSA-2010-0125.html
http://sourceware.org/git/gitweb.cgi?p=systemtap.git;a=commit;h=a2d399c87a642190f08ede63dc6fc434a5a8363a
SECTRACK-1023664 (http://securitytracker.com/id?1023664)
http://www.redhat.com/support/errata/RHSA-2010-0124.html
SECUNIA-38765 (http://secunia.com/advisories/38765)
FEDORA-2010-1720 (http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html)
ADV-2010-1001 (http://www.vupen.com/english/advisories/2010/1001)
Miscellaneous
http://marc.info/?l=oss-security&m=126530657715364&w=2
http://sourceware.org/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=a2d399c87a642190f08ede63dc6fc434a5a8363a

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis