Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
Stephane Chauveau discovered that OProfile did not properly perform
input validation when processing arguments to opcontrol. A local user
who is allowed to run opcontrol with privileges could exploit this to
run arbitrary commands as the privileged user. (CVE-2011-1760,
Stephane Chauveau discovered a directory traversal vulnerability in
OProfile when processing the --save argument to opcontrol. A local
user could exploit this to overwrite arbitrary files with the
privileges of the user invoking the program. (CVE-2011-2472).
Update the affected oprofile package.
Risk factor :
High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.0
Public Exploit Available : true