CVE-2011-2472
published 2011-06-09
CVE-2011-2472: Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in…
Priority P4 · 23 · medium · 6.3 · CVSS 2.0
AV:L/AC:M/Au:N/C:N/I:C/A:C
EPSS: 0.54% (41.4th percentile)
Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| maynard_johnson | oprofile | <= 0.9.6 | — |
| maynard_johnson | oprofile | — | — |
CVSS provenance
nvd · v2.0 · 6.3 MEDIUM · AV:L/AC:M/Au:N/C:N/I:C/A:C
vendor_redhat · 7.2 HIGH
vendor_ubuntu · 7.2 HIGH
Ubuntu
OProfile vulnerabilities
vendor_ubuntu·2011-07-11·CVSS 7.2
CVE-2011-1760 [HIGH] OProfile vulnerabilities
Title: OProfile vulnerabilities
Summary: OProfile could be made to run programs as an administrator.
Stephane Chauveau discovered that OProfile did not properly perform input
validation when processing arguments to opcontrol. A local user who is
allowed to run opcontrol with privileges could exploit this to run
arbitrary commands as the privileged user. (CVE-2011-1760, CVE-2011-2471)
Stephane Chauveau discovered a directory traversal vulnerability in
OProfile when processing the --save argument to opcontrol. A local user
could exploit this to overwrite arbitrary files with the privileges of
the user invoking the program. (CVE-2011-2472)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
oprofile: Directory traversal vulnerability in utils/opcontrol
vendor_redhat·2011-04-26·CVSS 7.2
CVE-2011-2472 [HIGH] oprofile: Directory traversal vulnerability in utils/opcontrol
Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760.
Statement: Red Hat currently does not plan to address this issue. For details refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18
Package: oprofile (Red Hat Enterprise Linux 4) - Not affected
Package: oprofile (Red Hat Enterprise Linux 5) - Affected
Package: oprofile (Red Hat Enterprise Linux 6) - Affected
GHSA
GHSA-x5g3-v6r9-gfqm: Directory traversal vulnerability in utils/opcontrol in OProfile 0
ghsa_unreviewed·2022-05-17·CVSS 7.2
CVE-2011-2472 [HIGH] CWE-22 GHSA-x5g3-v6r9-gfqm: Directory traversal vulnerability in utils/opcontrol in OProfile 0
Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2472 oprofile: Directory traversal vulnerability in utils/opcontrol
bugzilla·2011-06-13·CVSS 7.2
CVE-2011-2472 [HIGH] CVE-2011-2472 oprofile: Directory traversal vulnerability in utils/opcontrol
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2472 to
the following vulnerability:
Name: CVE-2011-2472
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2472
Assigned: 20110609
Reference: URL:http://openwall.com/lists/oss-security/2011/05/03/1
Reference: URL:http://openwall.com/lists/oss-security/2011/05/10/6
Reference: URL:http://openwall.com/lists/oss-security/2011/05/10/7
Reference: URL:http://openwall.com/lists/oss-security/2011/05/11/1
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=700883
Reference: DEBIAN:DSA-2254
Reference: URL:http://www.debian.org/security/2011/dsa-2254
Directory
Bugzilla
CVE-2011-1760 oprofile: Local privilege escalation via crafted opcontrol event parameter
bugzilla·2011-04-29·CVSS 7.2
CVE-2011-1760 [HIGH] CVE-2011-1760 oprofile: Local privilege escalation via crafted opcontrol event parameter
It was found that oprofile profiling system did not properly sanitize
the content of event argument, provided to oprofile profiling control
utility (opcontrol). If a local unprivileged user was authorized by
sudoers file to run the opcontrol utility, they could use the flaw
to escalate their privileges (execute arbitrary code with the privileges
of the privileged system user, root). Different vulnerability than
CVE-2006-0576.
References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212
Discussion:
This issue did not affect the version of the oprofile package,
as shipped with Red Hat Enterprise Linux 4.
This issue affects the versions of the oprofile package, as shipped
with Red Hat Ente
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212
http://openwall.com/lists/oss-security/2011/05/03/1
http://openwall.com/lists/oss-security/2011/05/10/6
http://openwall.com/lists/oss-security/2011/05/10/7
http://openwall.com/lists/oss-security/2011/05/11/1
http://secunia.com/advisories/45205
http://www.debian.org/security/2011/dsa-2254
http://www.ubuntu.com/usn/USN-1166-1
https://bugzilla.redhat.com/show_bug.cgi?id=700883
https://exchange.xforce.ibmcloud.com/vulnerabilities/67979
Published: 2011-06-09