Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2473

Overview

Vulnerability Score 6.3 6.3
CVE Id CVE-2011-2473
Last Modified 06 Sep 2011 11:17:28
Published 09 Jun 2011 05:55:01
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2473

Summary

The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.

Vulnerable Systems

Application

  • Maynard Johnson Oprofile 0.1

  • Maynard Johnson Oprofile 0.2

  • Maynard Johnson Oprofile 0.3

  • Maynard Johnson Oprofile 0.4

  • Maynard Johnson Oprofile 0.5

  • Maynard Johnson Oprofile 0.5.1

  • Maynard Johnson Oprofile 0.5.2

  • Maynard Johnson Oprofile 0.5.3

  • Maynard Johnson Oprofile 0.5.4

  • Maynard Johnson Oprofile 0.6

  • Maynard Johnson Oprofile 0.6.1

  • Maynard Johnson Oprofile 0.7

  • Maynard Johnson Oprofile 0.7.1

  • Maynard Johnson Oprofile 0.8

  • Maynard Johnson Oprofile 0.8.1

  • Maynard Johnson Oprofile 0.8.2

  • Maynard Johnson Oprofile 0.9

  • Maynard Johnson Oprofile 0.9.1

  • Maynard Johnson Oprofile 0.9.2

  • Maynard Johnson Oprofile 0.9.3

  • Maynard Johnson Oprofile 0.9.4

  • Maynard Johnson Oprofile 0.9.5

  • Maynard Johnson Oprofile 0.9.6


References

MLIST - [oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

XF - oprofile-opcontrol-symlink(67978)

DEBIAN - DSA-2254

MLIST - [oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

MLIST - [oss-security] 20110503 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212


Last Updated: 27 May 2016 10:57:02