Upstream information

CVE-2012-0875 at MITRE

Description

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 5.37
Vector AV:L/AC:M/Au:N/C:P/I:N/A:C
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact Complete
SUSE Bugzilla entry: 748564 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP2
  • systemtap >= 1.5-0.9.1
  • systemtap-server >= 1.5-0.9.1
Patchnames:
slessp2-systemtap
SUSE Linux Enterprise Server for VMWare 11 SP2
  • systemtap >= 1.5-0.9.1
  • systemtap-server >= 1.5-0.9.1
Patchnames:
slessp2-systemtap
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • systemtap >= 1.5-0.9.1
  • systemtap-server >= 1.5-0.9.1
Builds
SAT Patch Nr: 7444