1. Home
  2. CVE Database
  3. CVE-2009-2911
LOW · 1.9

CVE-2009-2911

SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation...

Vulnerability Description

SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.

CVSS Score

1.9

LOW

AV:L/AC:M/Au:N/C:N/I:N/A:P
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL

Affected Products

VendorProductVersions
SystemtapSystemtap1.0

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2009-2911?

CVE-2009-2911 is a vulnerability with a CVSS score of 1.9 (LOW). SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation...

How severe is CVE-2009-2911?

CVE-2009-2911 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-2911?

Check the references section above for vendor advisories and patch information. Affected products include: Systemtap Systemtap.