5 matches found
CVE-2011-1760
CVE-2011-1760 affects utils/opcontrol in OProfile 0.9.6 and earlier. The root cause is an eval injection possibility via shell metacharacters in the -e argument, enabling local users to gain privileges. Reports in connected documents confirm impact on affected distributions (e.g., EulerOS advisor...
CVE-2011-2473
CVE-2011-2473 concerns do_dump_data in utils/opcontrol of OProfile (0.9.6 and earlier). The flaw allows local users to create or overwrite arbitrary files via a crafted --session-dir argument combined with a symlink attack on the opd_pipe file, and is described as a different vulnerability from C...
CVE-2011-2472
CVE-2011-2472 affects OProfile (utils/opcontrol) up to version 0.9.6. The flaw allows local users to overwrite arbitrary files via a .. in the --save argument (related to --session-dir), constituting a directory traversal vulnerability. The issue is distinct from CVE-2011-1760 and is documented i...
CVE-2011-2471
CVE-2011-2471 concerns utils/opcontrol in OProfile 0.9.6 and earlier, where local users could gain privileges via shell metacharacters in (1) --vmlinux, (2) --session-dir, or (3) --xen, tied to the daemonrc file and the do_save_setup/do_load_setup functions. The related OpenVAS/Nessus entries cor...
CVE-2006-0576
CVE-2006-0576 affects opcontrol in OProfile 0.9.1 and earlier, where an untrusted search path allows local users to execute arbitrary commands by a crafted PATH referencing (1) which or (2) dirname programs. The issue can occur in contexts where opcontrol is accessed via sudo, though opcontrol is...