cbcvebase.
CVE-2011-2473
published 2011-06-09

CVE-2011-2473: The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted…

PriorityP420medium6.3CVSS 2.0
AVLACMAuNCNICAC
EPSS
0.40%
31.9th percentile
The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.

Affected

23 ranges
VendorProductVersion rangeFixed in
maynard_johnsonoprofile<= 0.9.6
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile
maynard_johnsonoprofile

CVSS provenance

nvdv2.06.3MEDIUMAV:L/AC:M/Au:N/C:N/I:C/A:C
vendor_redhat7.2HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.