CVE-2009-0784

Published: Mar 25, 2009Modified: Apr 23, 2026

6.3

Vector

AV:L/AC:M/Au:N/C:N/I:C/A:C

Exploitability: 3.4 / Impact: 9.2

Source: NVD

Description

Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.

Affected (4)

Products: Systemtap: Systemtap · Debian: Debian Linux

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Systemtap Systemtap	Version 0.0.20080705
Systemtap Systemtap	Version 0.0.20090314

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 5.0

Related CWEs

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (16)

http://secunia.com/advisories/34441

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/34479

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/34548

Source: secalert@redhat.com

Third Party Advisory

http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2009/dsa-1755

Source: secalert@redhat.com

PatchThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-0373.html

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2009/0907

Source: secalert@redhat.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11613

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/34441