CyberSec.Space Logo
Back to CVE Browser

CVE-2009-4273

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1210%
EPSS Percentile9.55th
PublishedJan 26, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.

Affected Platforms (CPE)

πŸ“¦
Systemtap

Systemtap

<= 1.0
πŸ“¦
Systemtap

Systemtap

= 0.2.2
πŸ“¦
Systemtap

Systemtap

= 0.3
πŸ“¦
Systemtap

Systemtap

= 0.4
πŸ“¦
Systemtap

Systemtap

= 0.5
πŸ“¦
Systemtap

Systemtap

= 0.5.3
πŸ“¦
Systemtap

Systemtap

= 0.5.4
πŸ“¦
Systemtap

Systemtap

= 0.5.5
πŸ“¦
Systemtap

Systemtap

= 0.5.7
πŸ“¦
Systemtap

Systemtap

= 0.5.8
πŸ“¦
Systemtap

Systemtap

= 0.5.9
πŸ“¦
Systemtap

Systemtap

= 0.5.10
πŸ“¦
Systemtap

Systemtap

= 0.5.12
πŸ“¦
Systemtap

Systemtap

= 0.5.13
πŸ“¦
Systemtap

Systemtap

= 0.5.14
πŸ“¦
Systemtap

Systemtap

= 0.6
πŸ“¦
Systemtap

Systemtap

= 0.6.2
πŸ“¦
Systemtap

Systemtap

= 0.7
πŸ“¦
Systemtap

Systemtap

= 0.7.2
πŸ“¦
Systemtap

Systemtap

= 0.8
πŸ“¦
Systemtap

Systemtap

= 0.9
πŸ“¦
Systemtap

Systemtap

= 0.9.5
πŸ“¦
Systemtap

Systemtap

= 0.9.7
πŸ“¦
Systemtap

Systemtap

= 0.9.8
πŸ“¦
Systemtap

Systemtap

= 0.9.9

References & Advisories

πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html
πŸ”— http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
πŸ”— http://secunia.com/advisories/38154
πŸ”— http://secunia.com/advisories/38216

Related Vulnerabilities

CVE-2010-04127.5

stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an ...

CVE-2010-41707.2

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local us...

CVE-2009-07846.3

Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrar...

CVE-2012-08755.4

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive infor...