Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2472

Overview

Vulnerability Score 6.3 6.3
CVE Id CVE-2011-2472
Last Modified 06 Sep 2011 11:17:28
Published 09 Jun 2011 05:55:01
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2472

Summary

Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760.

Vulnerable Systems

Application

  • Maynard Johnson Oprofile 0.1

  • Maynard Johnson Oprofile 0.2

  • Maynard Johnson Oprofile 0.3

  • Maynard Johnson Oprofile 0.4

  • Maynard Johnson Oprofile 0.5

  • Maynard Johnson Oprofile 0.5.1

  • Maynard Johnson Oprofile 0.5.2

  • Maynard Johnson Oprofile 0.5.3

  • Maynard Johnson Oprofile 0.5.4

  • Maynard Johnson Oprofile 0.6

  • Maynard Johnson Oprofile 0.6.1

  • Maynard Johnson Oprofile 0.7

  • Maynard Johnson Oprofile 0.7.1

  • Maynard Johnson Oprofile 0.8

  • Maynard Johnson Oprofile 0.8.1

  • Maynard Johnson Oprofile 0.8.2

  • Maynard Johnson Oprofile 0.9

  • Maynard Johnson Oprofile 0.9.1

  • Maynard Johnson Oprofile 0.9.2

  • Maynard Johnson Oprofile 0.9.3

  • Maynard Johnson Oprofile 0.9.4

  • Maynard Johnson Oprofile 0.9.5

  • Maynard Johnson Oprofile 0.9.6


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=700883

MLIST - [oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

XF - oprofile-opcontrol-dir-traversal(67979)

UBUNTU - USN-1166-1

DEBIAN - DSA-2254

SECUNIA - 45205

MLIST - [oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

MLIST - [oss-security] 20110503 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212


Last Updated: 27 May 2016 10:57:02