CVE-2011-2473 - Improper Link Resolution Before File Access ('Link Following')

Severity

63%

Complexity

34%

Confidentiality

153%

The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.

The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.

CVSS 2.0 Base Score 6.3. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:C/A:C).

Overview

Type

Maynard Johnson OProfile

First reported 13 years ago

2011-06-09 21:55:00

Last updated 7 years ago

2017-08-29 01:29:00

Affected Software

Maynard Johnson OProfile 0.1

0.1

Maynard Johnson OProfile 0.2

0.2

Maynard Johnson OProfile 0.3

0.3

Maynard Johnson OProfile 0.4

0.4

Maynard Johnson OProfile 0.5

0.5

Maynard Johnson OProfile 0.5.1

0.5.1

Maynard Johnson OProfile 0.5.2

0.5.2

Maynard Johnson OProfile 0.5.3

0.5.3

Maynard Johnson OProfile 0.5.4

0.5.4

Maynard Johnson OProfile 0.6

0.6

Maynard Johnson OProfile 0.6.1

0.6.1

Maynard Johnson OProfile 0.7

0.7

Maynard Johnson OProfile 0.7.1

0.7.1

Maynard Johnson OProfile 0.8

0.8

Maynard Johnson OProfile 0.8.1

0.8.1

Maynard Johnson OProfile 0.8.2

0.8.2

Maynard Johnson OProfile 0.9

0.9

Maynard Johnson OProfile 0.9.1

0.9.1

Maynard Johnson OProfile 0.9.2

0.9.2

Maynard Johnson OProfile 0.9.3

0.9.3

Maynard Johnson OProfile 0.9.4

0.9.4

Maynard Johnson OProfile 0.9.5

0.9.5

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212

Exploit

[oss-security] 20110503 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

Patch

[oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

DSA-2254

oprofile-opcontrol-symlink(67978)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.