header-logo
Suggest Exploit
vendor:
SystemTap
by:
7.5
CVSS
HIGH
Remote Command-Injection
78
CWE
Product Name: SystemTap
Affected Version From:
Affected Version To: SystemTap 1.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

SystemTap Remote Command-Injection Vulnerability

SystemTap is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application.

Mitigation:

Upgrade to SystemTap 1.1 or later to address this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/37842/info

SystemTap is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application.

Versions prior to SystemTap 1.1 are vulnerable. 


The following example commands are available:

stap-client \; ...
stap-client -; ...
stap-client -D 'asdf ; ls /etc' ...
stap-client -e 'script' -D 'asdf ; \; '

Navigation

Suggest Exploit

Services By CQR