CVE-2010-0411 : Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux

Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.

Published 2010-02-08 20:30:01

Updated 2023-02-13 04:16:21

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2010-0411

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-0411

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2010-0411

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0411

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html

[SECURITY] Fedora 12 Update: systemtap-1.1-2.fc12

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2010:010

CVEs referencing this url
http://www.vupen.com/english/advisories/2010/1001

Webmail | OVH- OVH

CVEs referencing this url
http://securitytracker.com/id?1023664

SystemTap Buffer Overflow in __get_argv() May Let Local Users Gain Elevated Privileges - SecurityTracker
http://sourceware.org/bugzilla/show_bug.cgi?id=11234

11234 – __get_argv can overflow its return buffer
http://www.securityfocus.com/bid/38120

SystemTap '__get_argv()' and '__get_compat_argv()' Local Memory Corruption Vulnerabilities
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9675

Repository / Oval Repository
http://www.redhat.com/support/errata/RHSA-2010-0124.html

Support

CVEs referencing this url
http://sourceware.org/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=a2d399c87a642190f08ede63dc6fc434a5a8363a

sourceware.org Git
http://www.redhat.com/support/errata/RHSA-2010-0125.html

Support
https://bugzilla.redhat.com/show_bug.cgi?id=559719

559719 – (CVE-2010-0411) CVE-2010-0411 systemtap: Crash with systemtap script using __get_argv()
http://marc.info/?l=oss-security&m=126530657715364&w=2

'[oss-security] systemtap DoS issue (CVE-2010-0411)' - MARC
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html

[SECURITY] Fedora 11 Update: systemtap-1.1-2.fc11

CVEs referencing this url

Products affected by CVE-2010-0411

Systemtap » Systemtap » Version: 1.1
cpe:2.3:a:systemtap:systemtap:1.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-0411

Exploit prediction scoring system (EPSS) score for CVE-2010-0411

CVSS scores for CVE-2010-0411

CWE ids for CVE-2010-0411

References for CVE-2010-0411

Products affected by CVE-2010-0411