You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa SystemTap

Sigurnosni nedostatak programskog paketa SystemTap

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201406-04
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
http://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: SystemTap: Denial of Service
Date: June 05, 2014
Bugs: #405345
ID: 201406-04

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

A vulnerability in SystemTap could allow a local attacker to create a
Denial of Service condition.

Background
==========

SystemTap is a kernel profiling and instrumentation tool.

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 dev-util/systemtap < 2.0 >= 2.0

Description
===========

SystemTap does not properly handle DWARF expressions when unwinding the
stack.

Impact
======

A local attacker with SystemTap permissions could trigger a kernel
panic, causing a Denial of Service condition.

Workaround
==========

Disabling unprivileged mode is a temporary workaround for this
vulnerability.

Resolution
==========

All SystemTap users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=dev-util/systemtap-2.0”

References
==========

[ 1 ] CVE-2012-0875
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0875

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201406-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iEYEARECAAYFAlOPvtQACgkQ23laikJhg1SaFACfdzLcqeZvs7mtd9+BWtTP9QdA
5PcAn1qjUi/Q/5+OKnFxtNMdZB3iNOFt
=uymK
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa Mutt

Otkriven je sigurnosni nedostatak u programskom paketu Mutt. Otkriveni nedostatak je posljedica preljeva spremnika na gomili u mutt_copy_hdr funkciji. Potencijalnim...

Close