Debian Security Advisory DSA 1755-1 (systemtap) Network Vulnerability

Summary

The remote host is missing an update to systemtap announced via advisory DSA 1755-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201755-1

Insight

Erik Sjoelund discovered that a race condition in the stap tool shipped by Systemtap, an instrumentation system for Linux 2.6, allows local privilege escalation for members of the stapusr group. The old stable distribution (etch) isn't affected. For the stable distribution (lenny), this problem has been fixed in version 0.0.20080705-1+lenny1. For the unstable distribution (sid), this problem has been fixed in version 0.0.20090314-2. We recommend that you upgrade your systemtap package.

Severity

Classification

CVE CVE-2009-0784
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1054-1 (tiff)
Debian Security Advisory DSA 1117-1 (libgd2)
Debian Security Advisory DSA 062-1 (rxvt)
Debian Security Advisory DSA 006-1 (zope)
Debian Security Advisory DSA 1122-1 (libnet-server-perl)

Take action and discover your vulnerabilities