QwikSec

Security Database

CVE

CWE

Training

CVE-2011-2471

Published: Jun 9, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20110503 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

mailing-list

x_refsource_MLIST

[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=700883

x_refsource_CONFIRM

[oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

oprofile-opcontrol-priv-escalation(67980)

vdb-entry

x_refsource_XF

[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.