CVE-2011-2471
Published 2011-06-09
Priority P4 · 25 · high · 7.2 CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.48% (38.0th percentile)
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| maynard_johnson | oprofile | <= 0.9.6 | — |
CVSS provenance
nvd · v2.0 · 7.2 HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat · 7.2 HIGH
vendor_ubuntu · 7.2 HIGH
Ubuntu
OProfile vulnerabilities
vendor_ubuntu·2011-07-11·CVSS 7.2
CVE-2011-1760 [HIGH] OProfile vulnerabilities
Title: OProfile vulnerabilities
Summary: OProfile could be made to run programs as an administrator.
Stephane Chauveau discovered that OProfile did not properly perform input
validation when processing arguments to opcontrol. A local user who is
allowed to run opcontrol with privileges could exploit this to run
arbitrary commands as the privileged user. (CVE-2011-1760, CVE-2011-2471)

Stephane Chauveau discovered a directory traversal vulnerability in
OProfile when processing the --save argument to opcontrol. A local user
could exploit this to overwrite arbitrary files with the privileges of
the user invoking the program. (CVE-2011-2472)

Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
oprofile: Local privilege escalation via shell metacharacters
vendor_redhat·2011-04-26·CVSS 7.2
CVE-2011-2471 [HIGH] oprofile: Local privilege escalation via shell metacharacters
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760.
Statement: Red Hat currently does not plan to address this issue. For details refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18
Package: oprofile (Red Hat Enterprise Linux 4) - Not affected
Package: oprofile (Red Hat Enterprise Linux 5) - Affected
Package: oprofile (Red Hat Enterprise Linux 6) - Affected
GHSA
GHSA-jvp9-2x6w-jpq3: utils/opcontrol in OProfile 0
ghsa_unreviewed·2022-05-17·CVSS 7.2
CVE-2011-2471 [HIGH] GHSA-jvp9-2x6w-jpq3: utils/opcontrol in OProfile 0
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760.
No detection rules found.
No public exploits indexed.
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212
http://openwall.com/lists/oss-security/2011/05/03/1
http://openwall.com/lists/oss-security/2011/05/10/6
http://openwall.com/lists/oss-security/2011/05/10/7
http://openwall.com/lists/oss-security/2011/05/11/1
http://secunia.com/advisories/45205
http://www.debian.org/security/2011/dsa-2254
http://www.ubuntu.com/usn/USN-1166-1
https://bugzilla.redhat.com/show_bug.cgi?id=700883
https://exchange.xforce.ibmcloud.com/vulnerabilities/67980