CVE-2009-0784 - Vulnerability Details - OpenCVE

Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00039.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Redhat	Enterprise Linux
Systemtap	Systemtap

Configuration 1 [-]

OR	cpe:2.3:a:systemtap:systemtap:0.0.20080705:::::::*
	cpe:2.3:a:systemtap:systemtap:0.0.20090314:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:4.0:::::::*
	cpe:2.3:o:debian:debian_linux:5.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4
systemtap-0:0.6.2-2.el4_7	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:0373	2009-03-26T00:00:00Z
Red Hat Enterprise Linux 5
systemtap-0:0.7.2-3.el5_3	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:0373	2009-03-26T00:00:00Z

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/34441
http://secunia.com/advisories/34479
http://secunia.com/advisories/34548
http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm
http://www.debian.org/security/2009/dsa-1755
http://www.redhat.com/support/errata/RHSA-2009-0373.html
http://www.vupen.com/english/advisories/2009/0907
https://nvd.nist.gov/vuln/detail/CVE-2009-0784
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11613
https://www.cve.org/CVERecord?id=CVE-2009-0784

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-03-25T23:00:00

Updated: 2024-08-07T04:48:52.330Z

Reserved: 2009-03-04T00:00:00

Link: CVE-2009-0784

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-03-25T23:30:00.187

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0784

Redhat

Severity : Moderate

Publid Date: 2009-03-25T00:00:00Z

Links: CVE-2009-0784 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-03-25T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-1755", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1755"}, {"name": "34479", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34479"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm"}, {"name": "oval:org.mitre.oval:def:11613", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11613"}, {"name": "RHSA-2009:0373", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0373.html"}, {"name": "34548", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34548"}, {"name": "ADV-2009-0907", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0907"}, {"name": "34441", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34441"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:48:52.330Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-1755", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1755"}, {"name": "34479", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34479"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm"}, {"name": "oval:org.mitre.oval:def:11613", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11613"}, {"name": "RHSA-2009:0373", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0373.html"}, {"name": "34548", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34548"}, {"name": "ADV-2009-0907", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0907"}, {"name": "34441", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34441"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-0784", "datePublished": "2009-03-25T23:00:00", "dateReserved": "2009-03-04T00:00:00", "dateUpdated": "2024-08-07T04:48:52.330Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemtap:systemtap:0.0.20080705:*:*:*:*:*:*:*", "matchCriteriaId": "FF696A11-4FC7-4ECE-B5E3-26B258431803", "vulnerable": true}, {"criteria": "cpe:2.3:a:systemtap:systemtap:0.0.20090314:*:*:*:*:*:*:*", "matchCriteriaId": "4CC37FD4-A179-45E8-8722-A24C3D32CCAE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors."}, {"lang": "es", "value": "Una condici\u00f3n de carrera en la herramienta stap de SystemTap versiones 0.0.20080705 y 0.0.20090314, permite a los usuarios locales del grupo stapusr insertar m\u00f3dulos de kernel de SystemTap arbitrarios y alcanzar privilegios por medio de vectores desconocidos."}], "id": "CVE-2009-0784", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.3, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-03-25T23:30:00.187", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34441"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34479"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34548"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1755"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0373.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/0907"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11613"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34441"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34479"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34548"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1755"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0373.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/0907"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11613"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}