QwikSec

Security Database

CVE

CWE

Training

CVE-2009-2911

Published: Oct 22, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://sources.redhat.com/bugzilla/show_bug.cgi?id=10750

x_refsource_CONFIRM

FEDORA-2009-10849

vendor-advisory

x_refsource_FEDORA

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41633

x_refsource_MISC

[oss-security] 20091021 CVE assignment notification -- CVE-2009-2911 - Three SystemTap-1.0 DoS issues

mailing-list

x_refsource_MLIST

FEDORA-2009-10719

vendor-advisory

x_refsource_FEDORA

https://bugzilla.redhat.com/show_bug.cgi?id=529175

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.