CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2009-4273

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1210%
EPSS Percentile9.55th
Published2010年1月26日
Last Modified2026年4月29日

Vulnerability Description

stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.

Affected Platforms (CPE)

📦
Systemtap

Systemtap

<= 1.0
📦
Systemtap

Systemtap

= 0.2.2
📦
Systemtap

Systemtap

= 0.3
📦
Systemtap

Systemtap

= 0.4
📦
Systemtap

Systemtap

= 0.5
📦
Systemtap

Systemtap

= 0.5.3
📦
Systemtap

Systemtap

= 0.5.4
📦
Systemtap

Systemtap

= 0.5.5
📦
Systemtap

Systemtap

= 0.5.7
📦
Systemtap

Systemtap

= 0.5.8
📦
Systemtap

Systemtap

= 0.5.9
📦
Systemtap

Systemtap

= 0.5.10
📦
Systemtap

Systemtap

= 0.5.12
📦
Systemtap

Systemtap

= 0.5.13
📦
Systemtap

Systemtap

= 0.5.14
📦
Systemtap

Systemtap

= 0.6
📦
Systemtap

Systemtap

= 0.6.2
📦
Systemtap

Systemtap

= 0.7
📦
Systemtap

Systemtap

= 0.7.2
📦
Systemtap

Systemtap

= 0.8
📦
Systemtap

Systemtap

= 0.9
📦
Systemtap

Systemtap

= 0.9.5
📦
Systemtap

Systemtap

= 0.9.7
📦
Systemtap

Systemtap

= 0.9.8
📦
Systemtap

Systemtap

= 0.9.9

References & Advisories

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html
🔗 http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
🔗 http://secunia.com/advisories/38154
🔗 http://secunia.com/advisories/38216

相關漏洞威脅

CVE-2010-04127.5

stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an ...

CVE-2010-41707.2

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local us...

CVE-2009-07846.3

Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrar...

CVE-2012-08755.4

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive infor...