CVE-2009-4273
Published 2010-01-26
CVE-2009-4273: stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
Priority: P269, critical, CVSS 2.0 score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 17.72% (96.8th percentile)
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | systemtap | < systemtap 1.2-1 (bookworm) | systemtap 1.2-1 (bookworm) |
| debian | systemtap | < systemtap 1.1-1 (bookworm) | systemtap 1.1-1 (bookworm) |
| systemtap | systemtap | <= 1.0 | — |
Detection & IOCs
- Monitor stap-client invocations for shell metacharacters (semicolons, backslashes) in command-line arguments, particularly in the -D and -e parameters, which are the documented injection vectors for CVE-2009-4273.
- Alert on stap-server network requests containing shell metacharacters in stap command-line arguments, as the server-side bash script does not sanitize inputs from clients.
- Detect use of the -B (BUILD) option passed to stap-server, which can be abused to inject arbitrary arguments into a make invocation (related incomplete-fix vector CVE-2010-0412 in the stap -> make chain).
- The full injection chain is stap-server -> stap -> make; monitor for unexpected make invocations spawned as children of the stap-server process, especially with attacker-controlled arguments.
- stap-server is an optional network compilation server component; if it is not running or is not exposed to untrusted networks, the attack surface for CVE-2009-4273 does not exist.
- SystemTap 0.6.2 on EL4 does not include server functionality and is therefore unaffected by this vulnerability.
- The fix shipped in SystemTap 1.1 was incomplete; the stap -> make injection path remained exploitable and was separately tracked as CVE-2010-0412, requiring additional patches before full remediation.
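CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | CRITICAL | — |
| vendor_redhat | — | 10.0 | CRITICAL | — |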
Debian
CVE-2010-0412: systemtap - stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka...
vendor_debian·2010·CVSS 10.0
CVE-2010-0412 [CRITICAL] CVE-2010-0412: systemtap - stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka...
stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273.
Scope: local
bookworm: resolved (fixed in 1.2-1)
bullseye: resolved (fixed in 1.2-1)
forky: resolved (fixed in 1.2-1)
sid: resolved (fixed in 1.2-1)
trixie: resolved (fixed in 1.2-1)
Red Hat
systemtap: remote code execution via stap-server
vendor_redhat·2009-12-18·CVSS 10.0
CVE-2010-0412 [CRITICAL] CWE-78 systemtap: remote code execution via stap-server
stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273.
Red Hat
systemtap: remote code execution via stap-server
vendor_redhat·2009-12-18·CVSS 10.0
CVE-2009-4273 [CRITICAL] CWE-78 systemtap: remote code execution via stap-server
stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
Debian
CVE-2009-4273: systemtap - stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary...
vendor_debian·2009·CVSS 10.0
CVE-2009-4273 [CRITICAL] CVE-2009-4273: systemtap - stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary...
stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
Scope: local
bookworm: resolved (fixed in 1.1-1)
bullseye: resolved (fixed in 1.1-1)
forky: resolved (fixed in 1.1-1)
sid: resolved (fixed in 1.1-1)
trixie: resolved (fixed in 1.1-1)
GHSA
GHSA-cf29-75j3-j238: stap-server in SystemTap before 1
ghsa_unreviewed·2022-05-02
CVE-2009-4273 [HIGH] CWE-94 GHSA-cf29-75j3-j238: stap-server in SystemTap before 1
stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
GHSA
GHSA-3274-qhqf-766c: stap-server in SystemTap 1
ghsa_unreviewed·2022-05-02·CVSS 10.0
CVE-2010-0412 [CRITICAL] GHSA-3274-qhqf-766c: stap-server in SystemTap 1
stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273.
OSV
CVE-2010-0412: stap-server in SystemTap 1
osv·2010-02-25·CVSS 10.0
CVE-2010-0412 [CRITICAL] CVE-2010-0412: stap-server in SystemTap 1
stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273.
OSV
CVE-2009-4273: stap-server in SystemTap before 1
osv·2010-01-26·CVSS 10.0
CVE-2009-4273 [CRITICAL] CVE-2009-4273: stap-server in SystemTap before 1
stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
No detection rules found.
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html
- http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
- http://secunia.com/advisories/38154
- http://secunia.com/advisories/38216
- http://secunia.com/advisories/38765
- http://secunia.com/advisories/39656
- http://sourceware.org/bugzilla/show_bug.cgi?id=11105
- http://sourceware.org/ml/systemtap/2010-q1/msg00142.html
- http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz
- http://www.redhat.com/support/errata/RHSA-2010-0124.html
- http://www.vupen.com/english/advisories/2010/0169
- http://www.vupen.com/english/advisories/2010/1001
- https://bugzilla.redhat.com/show_bug.cgi?id=550172
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417
Published: 2010-01-26