CVE-2011-2905

Published: 06 October 2011

Untrusted search path vulnerability in the perf_config function in tools/perf/util/config.c in perf, as distributed in the Linux kernel before 3.1, allows local users to overwrite arbitrary files via a crafted config file in the current working directory.

From the Ubuntu security team

Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
Patches:
Introduced by 0780060124011b94af55830939c86cc0916be0f5
Fixed by aba8d056078e47350d85b06a9cabd5afcc4b72ea
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc2)