Summary: | <dev-util/oprofile-0.9.6-r1: Privilege Escalation when permitted via sudo (CVE-2011-{1760,2471,2472,2473}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | alexanderyt, bircoph, glsamaker, pva, spock, tomwij |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212 | ||
Whiteboard: | C1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2011-05-10 05:04:08 UTC
oprofile-0.9.6-r1 fixes this issue. Actually I've not applied the "Sanitize Event Names" patch [1], as it looks like most of the issues are covered by the "Do additional checks on user supplied arguments" patch [2]:

[1] https://bugzilla.redhat.com/attachment.cgi?id=499232
[2] https://bugzilla.redhat.com/attachment.cgi?id=499235

I've contacted William Cohen to make sure I understand the issue correctly, and once they answer I will either add arch teams here or add the patch and arch teams.

CVE-2011-1760 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760): utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument.

Got confirmation from upstream developer. Arch teams, please stabilize dev-util/oprofile-0.9.6-r1. TIA.

amd64 ok, see Bug 372581 for improvements ;)

ppc done

amd64: emerged ok.

amd64 done. Thanks Agostino and Ian

x86 stable

Stable for HPPA.

Thanks, folks. GLSA request filed.

*** Bug 372913 has been marked as a duplicate of this bug. ***

Security team, <oprofile-0.9.6-r1 versions are no longer in tree since 16 Feb 2013. Should this bug be closed as obsolete?

(In reply to Andrew Savchenko from comment #12)
> Security team, <oprofile-0.9.6-r1 versions are no longer in tree since 16
> Feb 2013. Should this bug be closed as obsolete?

Yes, we know. This bug is slated to go out on a special GLSA by the end of the year and will be closed at that time along with all the other old bugs. Thanks.

This issue was resolved and addressed in GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml by GLSA coordinator Sean Amoss (ackle).
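The eval injection named in the CVE-2011-1760 description above, shown beside an argument check, as an added shell example that is not taken from opcontrol or from either referenced patch. The function names, the allowlist of characters and the sample event specs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not opcontrol's code. All function names are hypothetical.

# Unsafe pattern: user text is spliced into a string handed to eval, so the
# shell parses it a second time and any metacharacter in it becomes syntax.
# Under sudo, whatever that syntax does runs with the elevated privileges.
store_event_unsafe() {
    eval "CHOSEN_EVENT=$1"
}

# Hardened form: allowlist check first, then a plain assignment with no eval.
# Assumed allowlist: letters, digits, '_' and ':' (enough for a spec shaped
# like name:count:unitmask:kernel:user). Empty input is rejected as well.
store_event_checked() {
    case $1 in
        ''|*[!A-Za-z0-9_:]*)
            echo "rejected event spec" >&2
            return 1 ;;
    esac
    CHOSEN_EVENT=$1
}

# Constructed inputs for the demonstration.
GOOD='CPU_CLK_UNHALTED:100000:0:1:1'
BAD='x;INJECTED=yes'    # harmless marker assignment stands in for a command

demo() {
    INJECTED=no
    store_event_unsafe "$BAD"
    unsafe_result=$INJECTED     # "yes": the text after ';' ran as a command
    store_event_checked "$BAD" 2>/dev/null \
        && checked_bad=accepted || checked_bad=rejected
    store_event_checked "$GOOD" \
        && checked_good=accepted || checked_good=rejected
    echo "unsafe: INJECTED=$unsafe_result"
    echo "checked, bad input: $checked_bad"
    echo "checked, good input: $checked_good"
}
demo
```

The check rejects by default: anything outside the allowlist fails, so new metacharacters do not need to be enumerated.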