http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212

[oss-security] 20110503 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

[oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

45205

DSA-2254

USN-1166-1

https://bugzilla.redhat.com/show_bug.cgi?id=700883

oprofile-opcontrol-dir-traversal(67979)

The remote host is affected by the vulnerability described in GLSA-201412-09 (Multiple packages, Multiple vulnerabilities fixed in 2011)

    Vulnerabilities have been discovered in the packages listed below.
      Please review the CVE identifiers in the Reference section for details.
      FMOD Studio       PEAR Mail       LVM2       GnuCash       xine-lib       Last.fm Scrobbler       WebKitGTK+       shadow tool suite       PEAR       unixODBC       Resource Agents       mrouted       rsync       XML Security Library       xrdb       Vino       OProfile       syslog-ng       sFlow Toolkit       GNOME Display Manager       libsoup       CA Certificates       Gitolite       QtCreator       Racer   Impact :

    A context-dependent attacker may be able to gain escalated privileges,       execute arbitrary code, cause Denial of Service, obtain sensitive       information, or otherwise bypass security restrictions.
  Workaround :

    There are no known workarounds at this time.

Stephane Chauveau discovered that OProfile did not properly perform input validation when processing arguments to opcontrol. A local user who is allowed to run opcontrol with privileges could exploit this to run arbitrary commands as the privileged user. (CVE-2011-1760, CVE-2011-2471)

Stephane Chauveau discovered a directory traversal vulnerability in OProfile when processing the --save argument to opcontrol. A local user could exploit this to overwrite arbitrary files with the privileges of the user invoking the program. (CVE-2011-2472).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
79962	GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011	Nessus	Gentoo Local Security Checks	critical
55567	Ubuntu 10.04 LTS : oprofile vulnerabilities (USN-1166-1)	Nessus	Ubuntu Local Security Checks	high

CVE-2011-2472

MEDIUM

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

high