CVE-2010-0411 Information

Description

Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash or system crash or hang) via a process with a large number of arguments leading to a buffer overflow.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html http://marc.info/?l=oss-security&m=126530657715364&w=2 http://secunia.com/advisories/38426 http://secunia.com/advisories/38680 http://secunia.com/advisories/38765 http://secunia.com/advisories/38817 http://secunia.com/advisories/39656 http://securitytracker.com/id?1023664 http://sourceware.org/bugzilla/show_bug.cgi?id=11234 http://sourceware.org/git/gitweb.cgi?p=systemtap.git;a=commit;h=a2d399c87a642190f08ede63dc6fc434a5a8363a http://www.redhat.com/support/errata/RHSA-2010-0124.html http://www.redhat.com/support/errata/RHSA-2010-0125.html http://www.securityfocus.com/bid/38120 http://www.vupen.com/english/advisories/2010/1001 https://bugzilla.redhat.com/show_bug.cgi?id=559719 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9675