CVE-2009-4273

Published: Jan 26, 2010Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.

Affected (25)

Products: Systemtap: Systemtap

1 product

Configuration A

25 vulnerable

Vulnerable Software	Affected Versions
Systemtap Systemtap	Up to 1.0
Systemtap Systemtap	Version 0.2.2
Systemtap Systemtap	Version 0.3
Systemtap Systemtap	Version 0.4
Systemtap Systemtap	Version 0.5.10
Systemtap Systemtap	Version 0.5.12
Systemtap Systemtap	Version 0.5.13
Systemtap Systemtap	Version 0.5.14
Systemtap Systemtap	Version 0.5.3
Systemtap Systemtap	Version 0.5.4
Systemtap Systemtap	Version 0.5.5
Systemtap Systemtap	Version 0.5.7
Systemtap Systemtap	Version 0.5.8
Systemtap Systemtap	Version 0.5.9
Systemtap Systemtap	Version 0.5
Systemtap Systemtap	Version 0.6.2
Systemtap Systemtap	Version 0.6
Systemtap Systemtap	Version 0.7.2
Systemtap Systemtap	Version 0.7
Systemtap Systemtap	Version 0.8
Systemtap Systemtap	Version 0.9.5
Systemtap Systemtap	Version 0.9.7
Systemtap Systemtap	Version 0.9.8
Systemtap Systemtap	Version 0.9.9
Systemtap Systemtap	Version 0.9

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (36)

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html

Source: secalert@redhat.com

Patch

http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html

Source: secalert@redhat.com

http://secunia.com/advisories/38154

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/38216

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/38765

Source: secalert@redhat.com

http://secunia.com/advisories/39656

Source: secalert@redhat.com

http://sourceware.org/bugzilla/show_bug.cgi?id=11105

Source: secalert@redhat.com

http://sourceware.org/ml/systemtap/2010-q1/msg00142.html

Source: secalert@redhat.com

http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz

Source: secalert@redhat.com

Patch

http://www.redhat.com/support/errata/RHSA-2010-0124.html

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/0169

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/1001

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=550172

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/38154

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/38216

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/38765

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/39656

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceware.org/bugzilla/show_bug.cgi?id=11105

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceware.org/ml/systemtap/2010-q1/msg00142.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.redhat.com/support/errata/RHSA-2010-0124.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/0169

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2010/1001

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=550172

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.