QwikSec

Security Database

CVE

CWE

Training

CVE-2011-2473

Published: Jun 9, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20110503 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

mailing-list

x_refsource_MLIST

[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

mailing-list

x_refsource_MLIST

[oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

mailing-list

x_refsource_MLIST

[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

mailing-list

x_refsource_MLIST

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

oprofile-opcontrol-symlink(67978)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.