Ubuntu 1166-1: OProfile vulnerabilities

    Date: 11 Jul 2011
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    OProfile could be made to run programs as an administrator.
    ==========================================================================
    Ubuntu Security Notice USN-1166-1
    July 11, 2011
    
    oprofile vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 10.04 LTS
    
    Summary:
    
    OProfile could be made to run programs as an administrator.
    
    Software Description:
    - oprofile: System-wide profiler for Linux systems
    
    Details:
    
    Stephane Chauveau discovered that OProfile did not properly perform input
    validation when processing arguments to opcontrol. A local user who is
    allowed to run opcontrol with privileges could exploit this to run
    arbitrary commands as the privileged user. (CVE-2011-1760, CVE-2011-2471)
    
    Stephane Chauveau discovered a directory traversal vulnerability in
    OProfile when processing the --save argument to opcontrol. A local user
    could exploit this to overwrite arbitrary files with the privileges of
    the user invoking the program. (CVE-2011-2472)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 10.04 LTS:
      oprofile                        0.9.6-1ubuntu4.4
    
    In general, a standard system update will make all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-1166-1
      CVE-2011-1760, CVE-2011-2471, CVE-2011-2472
    
    Package Information:
      https://launchpad.net/ubuntu/+source/oprofile/0.9.6-1ubuntu4.4
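
A host-level check for this notice, as an added example that is not part of the advisory or the oprofile project: it compares the installed oprofile package with the fixed version 0.9.6-1ubuntu4.4 and lists the sudoers rules that let a user run opcontrol with privileges. The function names, the `report` argument, the sample sudoers text and the use of /etc/sudoers.d are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the advisory): triage one host for USN-1166-1.
FIXED_VERSION='0.9.6-1ubuntu4.4'  # fixed oprofile package for Ubuntu 10.04 LTS, from the advisory

# Installed oprofile version per the dpkg database; empty when not installed.
installed_oprofile_version() {
    dpkg-query -W -f='${Version}' oprofile 2>/dev/null || true
}

# Classify a version string: not-installed | patched | vulnerable | unknown.
oprofile_status() {
    [ -n "$1" ] || { echo not-installed; return 0; }
    command -v dpkg >/dev/null 2>&1 || { echo unknown; return 0; }
    if dpkg --compare-versions "$1" ge "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Print active sudoers rules/aliases on stdin that name opcontrol (continuations joined).
opcontrol_sudo_grants() {
    awk '
        { line = pending $0; pending = "" }
        line ~ /\\$/ { sub(/\\$/, "", line); pending = line; next }
        line ~ /^[ \t]*(#|$)/ { next }
        line ~ /(^|[^A-Za-z0-9_-])opcontrol([^A-Za-z0-9_-]|$)/ { print line }
    '
}

# Constructed sample sudoers content used to exercise the parser.
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not from a real host
root ALL=(ALL) ALL
%profilers ALL=(root) NOPASSWD: /usr/bin/opcontrol
# bob ALL=(root) /usr/bin/opcontrol
alice ALL=(root) /usr/bin/opcontrol-wrapper
Cmnd_Alias PROF = /usr/bin/opreport, \
    /usr/bin/opcontrol
EOF
}

# Report for the local host; reading /etc/sudoers normally needs root.
# Assumption: drop-in rules live in /etc/sudoers.d.
usn_1166_1_report() {
    echo "oprofile: $(oprofile_status "$(installed_oprofile_version)")"
    cat /etc/sudoers /etc/sudoers.d/* 2>/dev/null | opcontrol_sudo_grants
}
if [ "${1:-}" = report ]; then usn_1166_1_report; fi
```

Any rule it prints identifies an account that could reach the flaws described above until the package is at the fixed version; `sample_sudoers | opcontrol_sudo_grants` shows the parser on the constructed input.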
    
    
    