CVE-2009-0784 - Race Condition vulnerability in multiple products

047910
CVSS 6.3 - MEDIUM
Attack vector: LOCAL
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the accesses take place. The attacker can leverage a race condition by "running the race", modifying the resource and altering the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time a resource's state is checked and the time the resource is used. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he modifies the resource between the first time the target program accesses the file and the time the target program uses the file. During that window, the attacker could do something such as replace the file and cause an escalation of privilege.

Nessus

  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2009-0373.NASL
    description: From Red Hat Security Advisory 2009:0373 : Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SystemTap is an instrumentation infrastructure for systems running version 2.6 of the Linux kernel. SystemTap scripts can collect system operations data, greatly simplifying information gathering. Collected data can then assist in performance measuring, functional testing, and performance and function problem diagnosis. A race condition was discovered in SystemTap that could allow users in the stapusr group to elevate privileges to that of members of the stapdev group (and hence root), bypassing directory confinement restrictions and allowing them to insert arbitrary SystemTap kernel modules. (CVE-2009-0784) Note: This issue was only exploitable if another SystemTap kernel module was placed in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67830
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67830
    title: Oracle Linux 4 / 5 : systemtap (ELSA-2009-0373)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:0373 and 
    # Oracle Linux Security Advisory ELSA-2009-0373 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67830);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      script_cve_id("CVE-2009-0784");
      script_xref(name:"RHSA", value:"2009:0373");
    
      script_name(english:"Oracle Linux 4 / 5 : systemtap (ELSA-2009-0373)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:0373 :
    
    Updated systemtap packages that fix a security issue are now available
    for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    SystemTap is an instrumentation infrastructure for systems running
    version 2.6 of the Linux kernel. SystemTap scripts can collect system
    operations data, greatly simplifying information gathering. Collected
    data can then assist in performance measuring, functional testing, and
    performance and function problem diagnosis.
    
    A race condition was discovered in SystemTap that could allow users in
    the stapusr group to elevate privileges to that of members of the
    stapdev group (and hence root), bypassing directory confinement
    restrictions and allowing them to insert arbitrary SystemTap kernel
    modules. (CVE-2009-0784)
    
    Note: This issue was only exploitable if another SystemTap kernel
    module was placed in the 'systemtap/' module directory for the
    currently running kernel.
    
    Red Hat would like to thank Erik Sjolund for reporting this issue.
    
    SystemTap users should upgrade to these updated packages, which
    contain a backported patch to correct this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-March/000934.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-March/000935.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected systemtap packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(362);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemtap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemtap-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemtap-runtime");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemtap-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemtap-testsuite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/03/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", reference:"systemtap-0.6.2-2.0.1.el4_7")) flag++;
    if (rpm_check(release:"EL4", reference:"systemtap-runtime-0.6.2-2.0.1.el4_7")) flag++;
    if (rpm_check(release:"EL4", reference:"systemtap-testsuite-0.6.2-2.0.1.el4_7")) flag++;
    
    if (rpm_check(release:"EL5", reference:"systemtap-0.7.2-3.0.1.el5_3")) flag++;
    if (rpm_check(release:"EL5", reference:"systemtap-client-0.7.2-3.0.1.el5_3")) flag++;
    if (rpm_check(release:"EL5", reference:"systemtap-runtime-0.7.2-3.0.1.el5_3")) flag++;
    if (rpm_check(release:"EL5", reference:"systemtap-server-0.7.2-3.0.1.el5_3")) flag++;
    if (rpm_check(release:"EL5", reference:"systemtap-testsuite-0.7.2-3.0.1.el5_3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemtap / systemtap-client / systemtap-runtime / systemtap-server / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-0373.NASL
    description: Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SystemTap is an instrumentation infrastructure for systems running version 2.6 of the Linux kernel. SystemTap scripts can collect system operations data, greatly simplifying information gathering. Collected data can then assist in performance measuring, functional testing, and performance and function problem diagnosis. A race condition was discovered in SystemTap that could allow users in the stapusr group to elevate privileges to that of members of the stapdev group (and hence root), bypassing directory confinement restrictions and allowing them to insert arbitrary SystemTap kernel modules. (CVE-2009-0784) Note: This issue was only exploitable if another SystemTap kernel module was placed in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36032
    published: 2009-03-27
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/36032
    title: RHEL 4 / 5 : systemtap (RHSA-2009:0373)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:0373. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36032);
      script_version ("1.26");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2009-0784");
      script_xref(name:"RHSA", value:"2009:0373");
    
      script_name(english:"RHEL 4 / 5 : systemtap (RHSA-2009:0373)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated systemtap packages that fix a security issue are now available
    for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    SystemTap is an instrumentation infrastructure for systems running
    version 2.6 of the Linux kernel. SystemTap scripts can collect system
    operations data, greatly simplifying information gathering. Collected
    data can then assist in performance measuring, functional testing, and
    performance and function problem diagnosis.
    
    A race condition was discovered in SystemTap that could allow users in
    the stapusr group to elevate privileges to that of members of the
    stapdev group (and hence root), bypassing directory confinement
    restrictions and allowing them to insert arbitrary SystemTap kernel
    modules. (CVE-2009-0784)
    
    Note: This issue was only exploitable if another SystemTap kernel
    module was placed in the 'systemtap/' module directory for the
    currently running kernel.
    
    Red Hat would like to thank Erik Sjolund for reporting this issue.
    
    SystemTap users should upgrade to these updated packages, which
    contain a backported patch to correct this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:0373"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(362);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-runtime");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemtap-testsuite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/03/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:0373";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"systemtap-0.6.2-2.el4_7")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"systemtap-0.6.2-2.el4_7")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"systemtap-runtime-0.6.2-2.el4_7")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"systemtap-runtime-0.6.2-2.el4_7")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"systemtap-testsuite-0.6.2-2.el4_7")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"systemtap-testsuite-0.6.2-2.el4_7")) flag++;
    
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"systemtap-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"systemtap-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"systemtap-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"systemtap-client-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"systemtap-client-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"systemtap-client-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"systemtap-runtime-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"systemtap-runtime-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"systemtap-runtime-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"systemtap-server-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"systemtap-server-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"systemtap-server-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"systemtap-testsuite-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"systemtap-testsuite-0.7.2-3.el5_3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"systemtap-testsuite-0.7.2-3.el5_3")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemtap / systemtap-client / systemtap-runtime / systemtap-server / etc");
      }
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1755.NASL
    description: Erik Sjoelund discovered that a race condition in the stap tool shipped by Systemtap, an instrumentation system for Linux 2.6, allows local privilege escalation for members of the stapusr group.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36040
    published: 2009-03-30
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/36040
    title: Debian DSA-1755-1 : systemtap - race condition
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2009-0373.NASL
    description: Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SystemTap is an instrumentation infrastructure for systems running version 2.6 of the Linux kernel. SystemTap scripts can collect system operations data, greatly simplifying information gathering. Collected data can then assist in performance measuring, functional testing, and performance and function problem diagnosis. A race condition was discovered in SystemTap that could allow users in the stapusr group to elevate privileges to that of members of the stapdev group (and hence root), bypassing directory confinement restrictions and allowing them to insert arbitrary SystemTap kernel modules. (CVE-2009-0784) Note: This issue was only exploitable if another SystemTap kernel module was placed in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43735
    published: 2010-01-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43735
    title: CentOS 4 / 5 : systemtap (CESA-2009:0373)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20090326_SYSTEMTAP_ON_SL4_X.NASL
    description: A race condition was discovered in SystemTap that could allow users in the stapusr group to elevate privileges to that of members of the stapdev group (and hence root), bypassing directory confinement restrictions and allowing them to insert arbitrary SystemTap kernel modules. (CVE-2009-0784)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60557
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60557
    title: Scientific Linux Security Update : systemtap on SL4.x, SL5.x i386/x86_64

Oval

accepted: 2013-04-29T04:14:59.522-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
    oval: oval:org.mitre.oval:def:11414
  • comment: The operating system installed on the system is CentOS Linux 5.x
    oval: oval:org.mitre.oval:def:15802
  • comment: Oracle Linux 5.x
    oval: oval:org.mitre.oval:def:15459
description: Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.
family: unix
id: oval:org.mitre.oval:def:11613
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.
version: 27

Redhat

advisories
bugzilla
id: 489808
title: CVE-2009-0784 systemtap: race condition leads to privilege escalation
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 4 is installed
      oval: oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment: systemtap is earlier than 0:0.6.2-2.el4_7
          oval: oval:com.redhat.rhsa:tst:20090373001
        • comment: systemtap is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20090373002
      • AND
        • comment: systemtap-testsuite is earlier than 0:0.6.2-2.el4_7
          oval: oval:com.redhat.rhsa:tst:20090373003
        • comment: systemtap-testsuite is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20090373004
      • AND
        • comment: systemtap-runtime is earlier than 0:0.6.2-2.el4_7
          oval: oval:com.redhat.rhsa:tst:20090373005
        • comment: systemtap-runtime is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20090373006
  • AND
    • comment: Red Hat Enterprise Linux 5 is installed
      oval: oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment: systemtap-client is earlier than 0:0.7.2-3.el5_3
          oval: oval:com.redhat.rhsa:tst:20090373008
        • comment: systemtap-client is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090373009
      • AND
        • comment: systemtap-server is earlier than 0:0.7.2-3.el5_3
          oval: oval:com.redhat.rhsa:tst:20090373010
        • comment: systemtap-server is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090373011
      • AND
        • comment: systemtap-testsuite is earlier than 0:0.7.2-3.el5_3
          oval: oval:com.redhat.rhsa:tst:20090373012
        • comment: systemtap-testsuite is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090373013
      • AND
        • comment: systemtap-runtime is earlier than 0:0.7.2-3.el5_3
          oval: oval:com.redhat.rhsa:tst:20090373014
        • comment: systemtap-runtime is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090373015
      • AND
        • comment: systemtap is earlier than 0:0.7.2-3.el5_3
          oval: oval:com.redhat.rhsa:tst:20090373016
        • comment: systemtap is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090373017
rhsa
id: RHSA-2009:0373
released: 2009-03-26
severity: Moderate
title: RHSA-2009:0373: systemtap security update (Moderate)
rpms
  • systemtap-0:0.6.2-2.el4_7
  • systemtap-0:0.7.2-3.el5_3
  • systemtap-client-0:0.7.2-3.el5_3
  • systemtap-debuginfo-0:0.6.2-2.el4_7
  • systemtap-debuginfo-0:0.7.2-3.el5_3
  • systemtap-runtime-0:0.6.2-2.el4_7
  • systemtap-runtime-0:0.7.2-3.el5_3
  • systemtap-server-0:0.7.2-3.el5_3
  • systemtap-testsuite-0:0.6.2-2.el4_7
  • systemtap-testsuite-0:0.7.2-3.el5_3

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 34260
CVE(CAN) ID: CVE-2009-0784

SystemTap is a Linux kernel diagnostic tool that allows information to be obtained quickly and safely from a running Linux kernel.

systemtap has a race condition when checking and loading certain kernel modules. The flaw is that checkpath() checks the path (the module_realpath variable) but then does not use that path to open the file. A user can therefore ask stap to load a kernel module in the current directory that is a symbolic link to a valid kernel object, then quickly replace the object the symlink points to with a malicious kernel object, so that a kernel object outside the directory that was supposed to be enforced is executed.

Successful exploitation may allow users in the stapusr group to elevate their privileges to those of stapdev group members (root), but only when another SystemTap kernel module has been placed in the systemtap/ module directory of the currently running kernel.

SystemTap SystemTap 0.0.20090314
SystemTap SystemTap 0.0.20080705

Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1755-1) and corresponding patches for this issue:
DSA-1755-1: New systemtap packages fix local privilege escalation
Link: http://www.debian.org/security/2009/dsa-1755

Patch downloads:
Source archives:
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705.orig.tar.gz
Size/MD5 checksum: 880805 8f14c7b79561392e7ec91187ed09f3be
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1.diff.gz
Size/MD5 checksum: 12603 b08a9943746e474ed2aa6ed4bc9fc438
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1.dsc
Size/MD5 checksum: 1420 bfbaeb5d86bfd6876a04e562dc8c69ec
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_amd64.deb
Size/MD5 checksum: 1250966 d8368769f30ecaa915839a1fc937899d
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_arm.deb
Size/MD5 checksum: 1309852 7e006ca8bfa2bd36484bd25dda6dcb4c
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_i386.deb
Size/MD5 checksum: 1249882 ed02a4eb92c671f18702b69df5ade6d5
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_ia64.deb
Size/MD5 checksum: 1441448 7da28afa66b41d81322cf5614cb9af93
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_powerpc.deb
Size/MD5 checksum: 1269934 3016e60eb5dbab1b617bf088d807489c
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_s390.deb
Size/MD5 checksum: 1227546 9edb1baaa6a126a405674be0a9dcf12c

Patch installation:
1. Install the patch package manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the patch package)
2. Install the patch packages automatically with apt-get:
First, update the internal database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade

RedHat
------
RedHat has released a security advisory (RHSA-2009:0373-01) and corresponding patches for this issue:
RHSA-2009:0373-01: Moderate: systemtap security update
Link: https://www.redhat.com/support/errata/RHSA-2009-0373.html

SystemTap
---------
The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:
http://sources.redhat.com/git/?p=systemtap.git;a=commit;h=b41a544e20a42413daa0323d2f149e9e34586ccf
id: SSV:4986
last seen: 2017-11-19
modified: 2009-04-02
published: 2009-04-02
reporter: Root
title: SystemTap Module Loading Local Race Condition Vulnerability
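The TOCTOU pattern from the CAPEC entries and the concrete shape the Seebug description gives it (checkpath() validates a resolved path, but the open that follows uses the original name), as an added C illustration written for this page. It is not SystemTap's code or its patch: the function names, the scratch directory layout (good.ko, link.ko, outside.ko under a mkdtemp directory) and the file contents are constructed for the example. The vulnerable function checks first and opens second, so a symlink that resolves inside the trusted directory at check time is accepted and then followed again at open time; the hardened function opens first with O_NOFOLLOW through a directory descriptor, then runs its checks on the descriptor it will actually use, so the object it approved is the object it loads.

```c
/* Added illustration of the check-then-use gap behind CVE-2009-0784. Not SystemTap's
 * code or patch; function names, the scratch layout and file contents are constructed. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* True if `path` (symlinks followed) resolves to a direct child of `trusted_dir`. */
static int resolves_inside(const char *trusted_dir, const char *path)
{
    char dir_real[PATH_MAX], file_real[PATH_MAX];
    if (!realpath(trusted_dir, dir_real) || !realpath(path, file_real))
        return 0;
    size_t n = strlen(dir_real);
    return strncmp(file_real, dir_real, n) == 0 && file_real[n] == '/' &&
           strchr(file_real + n + 1, '/') == NULL;
}

/* Vulnerable shape, as the advisory describes it: the confinement check runs on the
 * resolved path, but open() is issued on the original name. The two calls look the
 * name up independently, so whatever the name points at between them is what gets used. */
int open_module_check_then_open(const char *trusted_dir, const char *name)
{
    char path[PATH_MAX];
    if (snprintf(path, sizeof path, "%s/%s", trusted_dir, name) >= (int)sizeof path)
        return -1;
    if (!resolves_inside(trusted_dir, path)) return -1;   /* time of check */
    return open(path, O_RDONLY | O_CLOEXEC);               /* time of use: a second lookup */
}

/* Hardened shape: acquire the descriptor first, then check and use that same descriptor.
 * A bare file name keeps the lookup inside dirfd, O_NOFOLLOW refuses a symlink outright,
 * and fstat() inspects the inode actually opened, which no later rename or relink changes. */
int open_module_open_then_check(const char *trusted_dir, const char *name)
{
    if (name[0] == '\0' || strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, ".."))
        return -1;
    int dirfd = open(trusted_dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd < 0) return -1;
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    close(dirfd);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;  /* the caller reads or loads from fd, never from the path again */
}

/* Constructed scratch layout under $TMPDIR: <dir>/good.ko (regular file),
 * <dir>/link.ko -> good.ko, and <dir>/outside.ko -> a file in a second directory. */
static int write_file(const char *p)
{
    FILE *f = fopen(p, "w");
    return f ? (fputs("constructed module bytes\n", f), fclose(f)) : -1;
}
static char g_fixture[PATH_MAX];
const char *fixture_dir(void)
{
    if (g_fixture[0] != '\0')
        return g_fixture;
    const char *tmp = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    char dir[PATH_MAX], other[PATH_MAX], target[PATH_MAX], lnk[PATH_MAX];
    snprintf(dir, sizeof dir, "%s/stapdemo.XXXXXX", tmp);
    snprintf(other, sizeof other, "%s/elsewhere.XXXXXX", tmp);
    if (!mkdtemp(dir) || !mkdtemp(other)) return NULL;
    snprintf(target, sizeof target, "%s/good.ko", dir);
    snprintf(lnk, sizeof lnk, "%s/link.ko", dir);
    if (write_file(target) != 0 || symlink(target, lnk) != 0) return NULL;
    snprintf(target, sizeof target, "%s/planted.ko", other);
    snprintf(lnk, sizeof lnk, "%s/outside.ko", dir);
    if (write_file(target) != 0 || symlink(target, lnk) != 0) return NULL;
    snprintf(g_fixture, sizeof g_fixture, "%s", dir);
    return g_fixture;
}

int main(void)
{
    const char *dir = fixture_dir();
    const char *names[] = { "good.ko", "link.ko", "outside.ko" };
    for (int i = 0; dir && i < 3; i++) {
        int a = open_module_check_then_open(dir, names[i]);
        int b = open_module_open_then_check(dir, names[i]);
        printf("%-10s check-then-open %s, open-then-check %s\n", names[i],
               a >= 0 ? "accepts" : "rejects", b >= 0 ? "accepts" : "rejects");
        if (a >= 0) close(a);
        if (b >= 0) close(b);
    }
    return dir ? 0 : 1;
}
```

The check-then-open variant accepts link.ko because realpath() resolves it to good.ko inside the directory and the later open() follows the link again, which is exactly the window the advisory describes; the open-then-check variant refuses any symlink and any name carrying a path component, and a caller that passes the returned descriptor onward (for instance to a module loader that takes a file descriptor) never performs a second path lookup.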