Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2471

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2011-2471
Last Modified 06 Sep 2011 11:17:28
Published 09 Jun 2011 05:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-2471

Summary

utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760.

Vulnerable Systems

Application

  • Maynard Johnson Oprofile 0.1

  • Maynard Johnson Oprofile 0.2

  • Maynard Johnson Oprofile 0.3

  • Maynard Johnson Oprofile 0.4

  • Maynard Johnson Oprofile 0.5

  • Maynard Johnson Oprofile 0.5.1

  • Maynard Johnson Oprofile 0.5.2

  • Maynard Johnson Oprofile 0.5.3

  • Maynard Johnson Oprofile 0.5.4

  • Maynard Johnson Oprofile 0.6

  • Maynard Johnson Oprofile 0.6.1

  • Maynard Johnson Oprofile 0.7

  • Maynard Johnson Oprofile 0.7.1

  • Maynard Johnson Oprofile 0.8

  • Maynard Johnson Oprofile 0.8.1

  • Maynard Johnson Oprofile 0.8.2

  • Maynard Johnson Oprofile 0.9

  • Maynard Johnson Oprofile 0.9.1

  • Maynard Johnson Oprofile 0.9.2

  • Maynard Johnson Oprofile 0.9.3

  • Maynard Johnson Oprofile 0.9.4

  • Maynard Johnson Oprofile 0.9.5

  • Maynard Johnson Oprofile 0.9.6


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=700883

MLIST - [oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

XF - oprofile-opcontrol-priv-escalation(67980)

UBUNTU - USN-1166-1

DEBIAN - DSA-2254

SECUNIA - 45205

MLIST - [oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

MLIST - [oss-security] 20110503 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212


Last Updated: 27 May 2016 10:57:02