Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1760

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2011-1760
Last Modified 06 Sep 2011 11:16:31
Published 09 Jun 2011 03:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-1760

Summary

utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument.

Vulnerable Systems

Application

  • Maynard Johnson Oprofile 0.1

  • Maynard Johnson Oprofile 0.2

  • Maynard Johnson Oprofile 0.3

  • Maynard Johnson Oprofile 0.4

  • Maynard Johnson Oprofile 0.5

  • Maynard Johnson Oprofile 0.5.1

  • Maynard Johnson Oprofile 0.5.2

  • Maynard Johnson Oprofile 0.5.3

  • Maynard Johnson Oprofile 0.5.4

  • Maynard Johnson Oprofile 0.6

  • Maynard Johnson Oprofile 0.6.1

  • Maynard Johnson Oprofile 0.7

  • Maynard Johnson Oprofile 0.7.1

  • Maynard Johnson Oprofile 0.8

  • Maynard Johnson Oprofile 0.8.1

  • Maynard Johnson Oprofile 0.8.2

  • Maynard Johnson Oprofile 0.9

  • Maynard Johnson Oprofile 0.9.1

  • Maynard Johnson Oprofile 0.9.2

  • Maynard Johnson Oprofile 0.9.3

  • Maynard Johnson Oprofile 0.9.4

  • Maynard Johnson Oprofile 0.9.5

  • Maynard Johnson Oprofile 0.9.6


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=700883

MLIST - [oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

MLIST - [oss-security] 20110503 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

MLIST - [oss-security] 20110502 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

MLIST - [oss-security] 20110430 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

MLIST - [oss-security] 20110429 CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

UBUNTU - USN-1166-1

BID - 47652

DEBIAN - DSA-2254

SECUNIA - 45205

SECUNIA - 44790

MLIST - [oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212


Last Updated: 27 May 2016 10:56:47