CVE-2010-0412 - Vulnerability Details - OpenCVE

stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Systemtap	Systemtap

Configuration 1 [-]

cpe:2.3:a:systemtap:systemtap:1.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html
http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html
http://www.securityfocus.com/bid/38316
https://exchange.xforce.ibmcloud.com/vulnerabilities/56611
https://nvd.nist.gov/vuln/detail/CVE-2010-0412
https://www.cve.org/CVERecord?id=CVE-2010-0412

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-02-25T00:00:00

Updated: 2024-08-07T00:45:12.276Z

Reserved: 2010-01-27T00:00:00

Link: CVE-2010-0412

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-02-25T00:30:00.517

Modified: 2024-11-21T01:12:10.180

Link: CVE-2010-0412

Redhat

Severity : Important

Publid Date: 2009-12-18T00:00:00Z

Links: CVE-2010-0412 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-02-15T00:00:00", "descriptions": [{"lang": "en", "value": "stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2010-1373", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html"}, {"name": "systemtap-stapserver-unspecified(56611)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56611"}, {"name": "[scm-commits] 20100215 rpms/systemtap/devel systemtap-1.1-tighten-server-params.patch, NONE, 1.1 systemtap.spec, 1.59, 1.60", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html"}, {"name": "FEDORA-2010-1720", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html"}, {"name": "38316", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38316"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:45:12.276Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2010-1373", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html"}, {"name": "systemtap-stapserver-unspecified(56611)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56611"}, {"name": "[scm-commits] 20100215 rpms/systemtap/devel systemtap-1.1-tighten-server-params.patch, NONE, 1.1 systemtap.spec, 1.59, 1.60", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html"}, {"name": "FEDORA-2010-1720", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html"}, {"name": "38316", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/38316"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0412", "datePublished": "2010-02-25T00:00:00", "dateReserved": "2010-01-27T00:00:00", "dateUpdated": "2024-08-07T00:45:12.276Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemtap:systemtap:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AB898A5-C8EF-4BBA-B480-00461218FC3B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273."}, {"lang": "es", "value": "stap-server en SystemTap v1.1 no restringe adecuadamente el valor de la opci\u00f3n -B(tambi\u00e9n conocida como BUILD), lo que permite a atacantes tener un impacto desconocido a trav\u00e9s de vectores asociados con la ejecuci\u00f3n del programa \"make\". Vector distinto del CVE-2009-4273."}], "id": "CVE-2010-0412", "lastModified": "2024-11-21T01:12:10.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-25T00:30:00.517", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/38316"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56611"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38316"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56611"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}