GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Thu Jun 05, 2014 1:26 am Post subject: [ GLSA 201406-04 ] SystemTap: Denial of Service |
|
|
Gentoo Linux Security Advisory
Title: SystemTap: Denial of Service (GLSA 201406-04)
Severity: normal
Exploitable: local
Date: June 05, 2014
Bug(s): #405345
ID: 201406-04
Synopsis
A vulnerability in SystemTap could allow a local attacker to create
a Denial of Service condition.
Background
SystemTap is a kernel profiling and instrumentation tool.
Affected Packages
Package: dev-util/systemtap
Vulnerable: < 2.0
Unaffected: >= 2.0
Architectures: All supported architectures
Description
SystemTap does not properly handle DWARF expressions when unwinding the
stack.
Impact
A local attacker with SystemTap permissions could trigger a kernel
panic, causing a Denial of Service condition.
Workaround
Disabling unprivileged mode is a temporary workaround for this
vulnerability.
Resolution
All SystemTap users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/systemtap-2.0"
|
References
CVE-2012-0875 |
|