Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| maynard_johnson | oprofile | 0.5 |
| maynard_johnson | oprofile | 0.8.2 |
| maynard_johnson | oprofile | 0.3 |
| maynard_johnson | oprofile | 0.4 |
| maynard_johnson | oprofile | 0.5.1 |
| maynard_johnson | oprofile | 0.1 |
| maynard_johnson | oprofile | 0.7 |
| maynard_johnson | oprofile | 0.8.1 |
| maynard_johnson | oprofile | 0.9 |
| maynard_johnson | oprofile | 0.2 |
| maynard_johnson | oprofile | 0.5.3 |
| maynard_johnson | oprofile | 0.8 |
| maynard_johnson | oprofile | 0.6 |
| maynard_johnson | oprofile | 0.5.4 |
| maynard_johnson | oprofile | * |
| maynard_johnson | oprofile | 0.6.1 |
| maynard_johnson | oprofile | 0.7.1 |
| maynard_johnson | oprofile | 0.5.2 |
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| maynard_johnson | oprofile | 0.5 |
| maynard_johnson | oprofile | 0.8.2 |
| maynard_johnson | oprofile | 0.3 |
| maynard_johnson | oprofile | 0.4 |
| maynard_johnson | oprofile | 0.9.3 |
| maynard_johnson | oprofile | 0.5.1 |
| maynard_johnson | oprofile | 0.1 |
| maynard_johnson | oprofile | 0.9.5 |
| maynard_johnson | oprofile | 0.7 |
| maynard_johnson | oprofile | 0.9.2 |
| maynard_johnson | oprofile | 0.8.1 |
| maynard_johnson | oprofile | 0.9 |
| maynard_johnson | oprofile | 0.2 |
| maynard_johnson | oprofile | 0.5.3 |
| maynard_johnson | oprofile | 0.8 |
| maynard_johnson | oprofile | 0.6 |
| maynard_johnson | oprofile | 0.5.4 |
| maynard_johnson | oprofile | * |
| maynard_johnson | oprofile | 0.6.1 |
| maynard_johnson | oprofile | 0.9.4 |
| maynard_johnson | oprofile | 0.7.1 |
| maynard_johnson | oprofile | 0.9.1 |
| maynard_johnson | oprofile | 0.5.2 |
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| maynard_johnson | oprofile | 0.5 |
| maynard_johnson | oprofile | 0.8.2 |
| maynard_johnson | oprofile | 0.3 |
| maynard_johnson | oprofile | 0.4 |
| maynard_johnson | oprofile | 0.9.3 |
| maynard_johnson | oprofile | 0.5.1 |
| maynard_johnson | oprofile | 0.1 |
| maynard_johnson | oprofile | 0.9.5 |
| maynard_johnson | oprofile | 0.7 |
| maynard_johnson | oprofile | 0.9.2 |
| maynard_johnson | oprofile | 0.8.1 |
| maynard_johnson | oprofile | 0.9 |
| maynard_johnson | oprofile | 0.2 |
| maynard_johnson | oprofile | 0.5.3 |
| maynard_johnson | oprofile | 0.8 |
| maynard_johnson | oprofile | 0.6 |
| maynard_johnson | oprofile | 0.5.4 |
| maynard_johnson | oprofile | * |
| maynard_johnson | oprofile | 0.6.1 |
| maynard_johnson | oprofile | 0.9.4 |
| maynard_johnson | oprofile | 0.7.1 |
| maynard_johnson | oprofile | 0.9.1 |
| maynard_johnson | oprofile | 0.5.2 |
Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| maynard_johnson | oprofile | 0.5 |
| maynard_johnson | oprofile | 0.8.2 |
| maynard_johnson | oprofile | 0.3 |
| maynard_johnson | oprofile | 0.4 |
| maynard_johnson | oprofile | 0.9.3 |
| maynard_johnson | oprofile | 0.5.1 |
| maynard_johnson | oprofile | 0.1 |
| maynard_johnson | oprofile | 0.9.5 |
| maynard_johnson | oprofile | 0.7 |
| maynard_johnson | oprofile | 0.9.2 |
| maynard_johnson | oprofile | 0.8.1 |
| maynard_johnson | oprofile | 0.9 |
| maynard_johnson | oprofile | 0.2 |
| maynard_johnson | oprofile | 0.5.3 |
| maynard_johnson | oprofile | 0.8 |
| maynard_johnson | oprofile | 0.6 |
| maynard_johnson | oprofile | 0.5.4 |
| maynard_johnson | oprofile | * |
| maynard_johnson | oprofile | 0.6.1 |
| maynard_johnson | oprofile | 0.9.4 |
| maynard_johnson | oprofile | 0.7.1 |
| maynard_johnson | oprofile | 0.9.1 |
| maynard_johnson | oprofile | 0.5.2 |
The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| maynard_johnson | oprofile | 0.5 |
| maynard_johnson | oprofile | 0.8.2 |
| maynard_johnson | oprofile | 0.3 |
| maynard_johnson | oprofile | 0.4 |
| maynard_johnson | oprofile | 0.9.3 |
| maynard_johnson | oprofile | 0.5.1 |
| maynard_johnson | oprofile | 0.1 |
| maynard_johnson | oprofile | 0.9.5 |
| maynard_johnson | oprofile | 0.7 |
| maynard_johnson | oprofile | 0.9.2 |
| maynard_johnson | oprofile | 0.8.1 |
| maynard_johnson | oprofile | 0.9 |
| maynard_johnson | oprofile | 0.2 |
| maynard_johnson | oprofile | 0.5.3 |
| maynard_johnson | oprofile | 0.8 |
| maynard_johnson | oprofile | 0.6 |
| maynard_johnson | oprofile | 0.5.4 |
| maynard_johnson | oprofile | * |
| maynard_johnson | oprofile | 0.6.1 |
| maynard_johnson | oprofile | 0.9.4 |
| maynard_johnson | oprofile | 0.7.1 |
| maynard_johnson | oprofile | 0.9.1 |
| maynard_johnson | oprofile | 0.5.2 |