CVE-2009-0784

Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.

CVSS v2.0 6.3 MEDIUM

6.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:N/I:C/A:C

Exploitability : 3.4 / Impact : 9.2

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.debian.org/security/2009/dsa-1755	Patch Third Party Advisory
http://secunia.com/advisories/34441	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-0373.html	Third Party Advisory
http://secunia.com/advisories/34479	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm	Third Party Advisory
http://secunia.com/advisories/34548	Third Party Advisory
http://www.vupen.com/english/advisories/2009/0907	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11613	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:systemtap:systemtap:0.0.20080705:::::::*
	cpe:2.3:a:systemtap:systemtap:0.0.20090314:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:4.0:::::::*
	cpe:2.3:o:debian:debian_linux:5.0:::::::*

Information

Published : 2009-03-25 16:30

Updated : 2020-11-04 07:43

NVD link : CVE-2009-0784

Mitre link : CVE-2009-0784

JSON object : View

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Advertisement

Products Affected

debian

debian_linux

systemtap

systemtap

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.debian.org/security/2009/dsa-1755", "name": "DSA-1755", "tags": ["Patch", "Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/34441", "name": "34441", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-0373.html", "name": "RHSA-2009:0373", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/34479", "name": "34479", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/34548", "name": "34548", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2009/0907", "name": "ADV-2009-0907", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11613", "name": "oval:org.mitre.oval:def:11613", "tags": ["Third Party Advisory"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-362"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0784", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 9.2, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-03-25T23:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:systemtap:systemtap:0.0.20080705:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:systemtap:systemtap:0.0.20090314:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-11-04T15:43Z"}