CVE-2011-2473

Published: 9 June 2011

The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.

Notes

Author: jdstrand
Note:
This attack requires that the user is using a --session-dir that
is under the attacker's control. --session-dir defaults to /var/lib/oprofile
so this is not a problem in the default configuration. Proper use of --init
will set up the session dir with correct permissions, and this is needed to
use a different session dir anyway. The vulnerability comes in if the
session dir's permissions change after using --init or it is created in another
user's directory that is under the attacker's control. While it would be good
to try to defend against this, the checks would be racy and the vulnerability
is somewhat contrived to begin with. Upstream has not patched this as of
2011-07-07.
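
A point-in-time audit for the condition the note describes (a session dir, or one of its ancestors, that another user can modify), as an added example that is not OProfile or Ubuntu code. The function name, its arguments and the FINDING output format are hypothetical; opd_pipe and /var/lib/oprofile come from the page.

```shell
#!/bin/sh
# Added example (not OProfile or Ubuntu code): point-in-time audit of a
# session dir before running opcontrol as root. It does not remove the race
# the note mentions; it only reports a directory that is already unsafe.
# Usage: audit_session_dir DIR [TRUSTED_UID] [STOP_DIR]  (hypothetical names)
audit_session_dir() {
    dir=$1; trusted_uid=${2:-0}; stop=${3:-/}; rc=0
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FINDING: $dir is a symlink or not a directory"
        return 1
    fi
    # opd_pipe is the file named in the CVE description.
    if [ -L "$dir/opd_pipe" ]; then
        echo "FINDING: $dir/opd_pipe is a symlink"
        rc=1
    fi
    p=$(cd "$dir" && pwd -P) || return 1
    is_leaf=1
    while :; do
        # ls -ldn prints the mode string in field 1 and the numeric uid in field 3.
        meta=$(ls -ldn "$p" | awk '{print $1 " " $3}')
        perms=${meta% *}; uid=${meta#* }
        if [ "$uid" != 0 ] && [ "$uid" != "$trusted_uid" ]; then
            echo "FINDING: $p is owned by uid $uid"
            rc=1
        fi
        writable=0; sticky=0
        case $perms in ?????w*|????????w*) writable=1 ;; esac
        case $perms in ?????????[tT]*) sticky=1 ;; esac
        # A sticky ancestor (such as /tmp) is tolerated: other users cannot
        # rename or delete entries they do not own. The session dir itself is not.
        if [ "$writable" = 1 ] && { [ "$is_leaf" = 1 ] || [ "$sticky" = 0 ]; }; then
            echo "FINDING: $p is group- or world-writable ($perms)"
            rc=1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then break; fi
        p=$(dirname "$p"); is_leaf=0
    done
    return $rc
}

# Run directly, e.g.: sh audit.sh /var/lib/oprofile
if [ $# -gt 0 ]; then audit_session_dir "$@"; fi
```

STOP_DIR limits how far up the walk goes; it must be given as a physical path (no symlinks) because the walk uses `pwd -P`.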

Priority

Negligible

Status

Package: oprofile (Launchpad, Ubuntu, Debian)

Release    Status
hardy      Ignored (end of life)
lucid      Ignored
maverick   Ignored
natty      Ignored
upstream   Needed