Vulnerability CVE-2011-2472
Published: 2011-06-09   Modified: 2012-02-13

Description:
Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760.

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.3/10
9.2/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Complete
Complete
Affected software
Maynard johnson -> Oprofile 

 References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212
http://openwall.com/lists/oss-security/2011/05/03/1
http://openwall.com/lists/oss-security/2011/05/10/6
http://openwall.com/lists/oss-security/2011/05/10/7
http://openwall.com/lists/oss-security/2011/05/11/1
http://www.debian.org/security/2011/dsa-2254
http://www.ubuntu.com/usn/USN-1166-1
https://bugzilla.redhat.com/show_bug.cgi?id=700883
https://exchange.xforce.ibmcloud.com/vulnerabilities/67979
Copyright 2024, cxsecurity.com

 

Back to Top