CVE-2011-1760
Published 2011-06-09
Priority P336 · high · CVSS 2.0: 7.2 · AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.37% (68.4th percentile)
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| maynard_johnson | oprofile | <= 0.9.6 | — |
| maynard_johnson | oprofile | — | — |
CVSS provenance
nvd · v2.0 · 7.2 HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat · 7.2 HIGH
vendor_ubuntu · 7.2 HIGH
Ubuntu
OProfile vulnerabilities
vendor_ubuntu·2011-07-11·CVSS 7.2
CVE-2011-1760 [HIGH] OProfile vulnerabilities
Title: OProfile vulnerabilities
Summary: OProfile could be made to run programs as an administrator.
Stephane Chauveau discovered that OProfile did not properly perform input
validation when processing arguments to opcontrol. A local user who is
allowed to run opcontrol with privileges could exploit this to run
arbitrary commands as the privileged user. (CVE-2011-1760, CVE-2011-2471)
Stephane Chauveau discovered a directory traversal vulnerability in
OProfile when processing the --save argument to opcontrol. A local user
could exploit this to overwrite arbitrary files with the privileges of
the user invoking the program. (CVE-2011-2472)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
oprofile: Local privilege escalation via crafted opcontrol event parameter
vendor_redhat·2011-04-26·CVSS 7.2
CVE-2011-1760 [HIGH] oprofile: Local privilege escalation via crafted opcontrol event parameter
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument.
Statement: Red Hat currently does not plan to address this issue. For details refer to: https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18
Package: oprofile (Red Hat Enterprise Linux 4) - Not affected
Package: oprofile (Red Hat Enterprise Linux 5) - Affected
Package: oprofile (Red Hat Enterprise Linux 6) - Affected
Red Hat
oprofile: do_dump_data function symlink attack via opd_pipe
vendor_redhat·2011-04-26·CVSS 7.2
CVE-2011-2473 [HIGH] oprofile: do_dump_data function symlink attack via opd_pipe
The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.
Statement: Red Hat currently does not plan to address this issue. For details refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18
Package: oprofile (Red Hat Enterprise Linux 4) - Not affected
Package: oprofile (Red Hat Enterprise Linux 5) - Affected
Package: oprofile (Red Hat Enterprise Linux 6) - Affected
Red Hat
oprofile: Local privilege escalation via shell metacharacters
vendor_redhat·2011-04-26·CVSS 7.2
CVE-2011-2471 [HIGH] oprofile: Local privilege escalation via shell metacharacters
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760.
Statement: Red Hat currently does not plan to address this issue. For details refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18
Package: oprofile (Red Hat Enterprise Linux 4) - Not affected
Package: oprofile (Red Hat Enterprise Linux 5) - Affected
Package: oprofile (Red Hat Enterprise Linux 6) - Affected
Red Hat
oprofile: Directory traversal vulnerability in utils/opcontrol
vendor_redhat·2011-04-26·CVSS 7.2
CVE-2011-2472 [HIGH] oprofile: Directory traversal vulnerability in utils/opcontrol
Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760.
Statement: Red Hat currently does not plan to address this issue. For details refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18
Package: oprofile (Red Hat Enterprise Linux 4) - Not affected
Package: oprofile (Red Hat Enterprise Linux 5) - Affected
Package: oprofile (Red Hat Enterprise Linux 6) - Affected
GHSA
GHSA-m545-63mf-qh6w: The do_dump_data function in utils/opcontrol in OProfile 0
ghsa_unreviewed·2022-05-17·CVSS 7.2
CVE-2011-2473 [HIGH] CWE-59 GHSA-m545-63mf-qh6w: The do_dump_data function in utils/opcontrol in OProfile 0
The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.
GHSA
GHSA-x5g3-v6r9-gfqm: Directory traversal vulnerability in utils/opcontrol in OProfile 0
ghsa_unreviewed·2022-05-17·CVSS 7.2
CVE-2011-2472 [HIGH] CWE-22 GHSA-x5g3-v6r9-gfqm: Directory traversal vulnerability in utils/opcontrol in OProfile 0
Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760.
GHSA
GHSA-ccgc-crp4-f2mf: utils/opcontrol in OProfile 0
ghsa_unreviewed·2022-05-17
CVE-2011-1760 [HIGH] CWE-94 GHSA-ccgc-crp4-f2mf: utils/opcontrol in OProfile 0
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument.
GHSA
GHSA-jvp9-2x6w-jpq3: utils/opcontrol in OProfile 0
ghsa_unreviewed·2022-05-17·CVSS 7.2
CVE-2011-2471 [HIGH] GHSA-jvp9-2x6w-jpq3: utils/opcontrol in OProfile 0
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760.
No detection rules found.
Bugzilla
CVE-2011-2473 oprofile: do_dump_data function symlink attack via opd_pipe
bugzilla·2011-06-13·CVSS 7.2
CVE-2011-2473 [HIGH] CVE-2011-2473 oprofile: do_dump_data function symlink attack via opd_pipe
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2473 to
the following vulnerability:
Name: CVE-2011-2473
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2473
Assigned: 20110609
Reference: URL:http://openwall.com/lists/oss-security/2011/05/03/1
Reference: URL:http://openwall.com/lists/oss-security/2011/05/10/6
Reference: URL:http://openwall.com/lists/oss-security/2011/05/10/7
Reference: URL:http://openwall.com/lists/oss-security/2011/05/11/1
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212
Reference: DEBIAN:DSA-2254
Reference: URL:http://www.debian.org/security/2011/dsa-2254
The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and
earlier might al
Bugzilla
CVE-2011-2471 oprofile: Local privilege escalation via shell metacharacters
bugzilla·2011-06-13·CVSS 7.2
CVE-2011-2471 [HIGH] CVE-2011-2471 oprofile: Local privilege escalation via shell metacharacters
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2471 to
the following vulnerability:
Name: CVE-2011-2471
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2471
Assigned: 20110609
Reference: URL:http://openwall.com/lists/oss-security/2011/05/03/1
Reference: URL:http://openwall.com/lists/oss-security/2011/05/10/6
Reference: URL:http://openwall.com/lists/oss-security/2011/05/10/7
Reference: URL:http://openwall.com/lists/oss-security/2011/05/11/1
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=700883
Reference: DEBIAN:DSA-2254
Reference: URL:http://www.debian.org/security/2011/dsa-2254
utils/opcon
Bugzilla
CVE-2011-2472 oprofile: Directory traversal vulnerability in utils/opcontrol
bugzilla·2011-06-13·CVSS 7.2
CVE-2011-2472 [HIGH] CVE-2011-2472 oprofile: Directory traversal vulnerability in utils/opcontrol
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2472 to
the following vulnerability:
Name: CVE-2011-2472
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2472
Assigned: 20110609
Reference: URL:http://openwall.com/lists/oss-security/2011/05/03/1
Reference: URL:http://openwall.com/lists/oss-security/2011/05/10/6
Reference: URL:http://openwall.com/lists/oss-security/2011/05/10/7
Reference: URL:http://openwall.com/lists/oss-security/2011/05/11/1
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=700883
Reference: DEBIAN:DSA-2254
Reference: URL:http://www.debian.org/security/2011/dsa-2254
Directory
Bugzilla
CVE-2011-1760 oprofile: Local privilege escalation via crafted opcontrol event parameter [fedora-all]
bugzilla·2011-05-03·CVSS 7.2
CVE-2011-1760 [HIGH] CVE-2011-1760 oprofile: Local privilege escalation via crafted opcontrol event parameter [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=700883
Please note:
Bugzilla
CVE-2011-1760 oprofile: Local privilege escalation via crafted opcontrol event parameter
bugzilla·2011-04-29·CVSS 7.2
CVE-2011-1760 [HIGH] CVE-2011-1760 oprofile: Local privilege escalation via crafted opcontrol event parameter
It was found that oprofile profiling system did not properly sanitize
the content of event argument, provided to oprofile profiling control
utility (opcontrol). If a local unprivileged user was authorized by
sudoers file to run the opcontrol utility, they could use the flaw
to escalate their privileges (execute arbitrary code with the privileges
of the privileged system user, root). Different vulnerability than
CVE-2006-0576.
References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212
Discussion:
This issue did not affect the version of the oprofile package,
as shipped with Red Hat Enterprise Linux 4.
This issue affects the versions of the oprofile package, as shipped
with Red Hat Ente
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212
http://openwall.com/lists/oss-security/2011/04/29/3
http://openwall.com/lists/oss-security/2011/05/01/1
http://openwall.com/lists/oss-security/2011/05/01/2
http://openwall.com/lists/oss-security/2011/05/02/17
http://openwall.com/lists/oss-security/2011/05/03/2
http://openwall.com/lists/oss-security/2011/05/10/6
http://openwall.com/lists/oss-security/2011/05/10/7
http://openwall.com/lists/oss-security/2011/05/11/1
http://secunia.com/advisories/44790
http://secunia.com/advisories/45205
http://www.debian.org/security/2011/dsa-2254
http://www.securityfocus.com/bid/47652
http://www.ubuntu.com/usn/USN-1166-1
https://bugzilla.redhat.com/show_bug.cgi?id=700883